Primary

Context

Microsoft Excel Integer Underflow Vulnerability Leading to Remote Code Execution

Vulnerability

An integer underflow vulnerability has been identified in Microsoft Office Excel. This flaw allows an unauthorized attacker to execute code locally. The vulnerability arises from improper handling of integer values, which can be exploited by manipulating specific data within the application.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for Microsoft Excel 2016 (both 32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC 2021, 2024, and 365 for Mac, the security updates will be released as soon as possible, with customers being notified via a revision to this CVE information. Office Online Server users can also download the security update from the Microsoft Update Catalog.

Added: Jun 9, 2026, 7:16 PM

Updated: Jun 9, 2026, 7:16 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

3.6

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

3.6

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Excel Integer Underflow Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Excel

Microsoft Office LTSC

Microsoft 365 Apps

Microsoft Office

Microsoft Office Online Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating