Microsoft Excel
cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This issue affects multiple versions of Excel, including the 2016 32-bit and 64-bit editions, as well as various editions of Microsoft Office LTSC 2021 and 2024 for both Mac and Windows. The vulnerability arises from improper memory management, which can be exploited by sending a malicious file to the user and convincing them to open it.
Exploitation of this vulnerability could lead to unauthorized local code execution on the affected system.
Users can apply the security update KB5002758 for Microsoft Excel 2016 or the relevant security update for their version of Microsoft Office LTSC 2021 or 2024. Instructions for downloading these updates are available on the Microsoft Office Update page.