Microsoft Excel
Moderate fix1 remedy
cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*
Moderate fix1 remedy
Microsoft Excel Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution
Vulnerability
A heap-based buffer overflow vulnerability has been identified in Microsoft Office Excel. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Office LTSC for Mac 2024, Office LTSC 2024 for 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems, Office 2019 for 32-bit and 64-bit editions, and Office Online Server.
Impact
Exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system.
Remediation
Users can download the security update for Microsoft Excel 2016 (32-bit and 64-bit editions) from the Microsoft Update Catalog. For Office LTSC and Microsoft 365 Apps for Enterprise users, security updates are also available through the Office Update mechanism. Office Online Server users can download the security update from the Microsoft Update Catalog.
Added: May 12, 2026, 7:44 PM
Updated: May 12, 2026, 7:44 PM
Vulnerability Rating
Custom Algorithm
spread
9.0impact
7.5exploitability
3.6remediation
7.7relevance
8.1threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.