Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Remote Code Execution

A heap-based buffer overflow vulnerability has been identified in Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Office LTSC for Mac 2024, Office LTSC 2024 for 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems, and Microsoft Office 2019 for 32-bit and 64-bit editions. Additionally, the vulnerability is present in Office Online Server.

Impact

Exploitation of this vulnerability could lead to remote code execution.

Remediation

Users can download the security update for Microsoft Excel 2016 (32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2024, the security update is also available through the Microsoft Update Catalog. Office LTSC 2024 for 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, and Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems all require the security update available through the Microsoft Update Catalog. Microsoft Office 2019 users can download the security update from the Microsoft Update Catalog. Office Online Server users should also refer to the Microsoft Update Catalog for the security update.