Microsoft Excel Out-of-Bounds Read Vulnerability Leading to Local Code Execution

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office Excel. This issue enables an unauthorized attacker to execute code locally. The vulnerability is present in several versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Microsoft Office LTSC 2021 (32-bit and 64-bit editions), Microsoft Office LTSC 2024 (32-bit and 64-bit editions), Microsoft 365 Apps for Enterprise (32-bit and 64-bit systems), Office Online Server, and Microsoft Excel 2019 (32-bit and 64-bit editions).

Impact

Exploitation of this vulnerability allows for remote code execution, with the attacker needing to send a malicious file to the user and convince them to open it.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Instructions for applying the update are available on the Microsoft Office Update Guidance page.