Microsoft Excel Out-of-Bounds Read Vulnerability Allowing Local Remote Code Execution

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office Excel. This issue enables an unauthorized attacker to execute code locally. The vulnerability is present in several versions of Microsoft Excel, including the 2016 (both 32-bit and 64-bit editions), Office LTSC for Mac 2021 and 2024, Office LTSC 2021 and 2024 (both 32-bit and 64-bit editions), and Microsoft 365 Apps for Enterprise (also in both 32-bit and 64-bit systems).

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2021 and 2024, the security update will be released as soon as possible, and customers will be notified via a revision to this CVE information.