Microsoft Excel Out-of-Bounds Read Vulnerability Leading to Local Code Execution

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office Excel. This issue could enable an unauthorized attacker to execute code locally. The vulnerability is present in several versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Microsoft Office LTSC for Mac 2021 and 2024 (both 32-bit and 64-bit editions), Microsoft Office LTSC 2021 for 32-bit and 64-bit editions, Microsoft Office 2019 for 32-bit and 64-bit editions, and Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems.

Impact

Exploitation of this vulnerability allows for local code execution.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2021 and 2024, the security update is also available via the Mac App Store.