Microsoft Excel Out-of-Bounds Read Vulnerability Leading to Remote Code Execution

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office Excel. This issue enables an unauthorized attacker to execute code locally. The vulnerability is present in multiple versions of Microsoft Excel, including Excel 2016 (both 32-bit and 64-bit editions), Excel for Microsoft 365 Apps for Enterprise (32-bit and 64-bit), and Office LTSC for Mac 2021 and 2024. Additionally, the vulnerability affects Office Online Server and Microsoft Excel 2019 (32-bit and 64-bit editions).

Impact

Exploitation of this vulnerability allows for remote code execution.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2021 and 2024, security updates will be released as soon as possible, with customers being notified via a revision to the CVE information.