Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects several different versions and editions of Microsoft Office, including Microsoft Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise (both 32-bit and 64-bit), Microsoft Office 2019 (32-bit and 64-bit editions), Microsoft Office for Android, Microsoft Office 2016 (32-bit and 64-bit editions), and various editions of Microsoft Office LTSC 2024.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Users can download the security update for their specific version of Microsoft Office. For Microsoft Office LTSC for Mac 2021 and 2024, the security update is available on the Microsoft Update Catalog. For Microsoft 365 Apps for Enterprise, the security update can be downloaded through the Office Update mechanism. For Microsoft Office 2019, 2016, and LTSC 2024, the security updates are also available via the Microsoft Update Catalog. Users should consult the release notes and knowledge base articles linked in the update guide for more details.