Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

A heap-based buffer overflow vulnerability has been identified in Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally. It affects several different versions and editions of Excel, including the 2016 32-bit and 64-bit editions, Office LTSC for Mac 2024, Office LTSC 2024 for both 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, and Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Users can apply the security update available through the Microsoft Update Catalog or via the Click to Run service, depending on their version of Excel. Specific update details can be found in the Microsoft Knowledge Base article 5002758 for Excel 2016 and in the release notes for the Mac versions.