Primary

Context

Microsoft Excel Integer Underflow Vulnerability Leading to Remote Code Execution

Vulnerability

Patched

An integer underflow vulnerability has been identified in Microsoft Office Excel. This flaw allows an unauthorized attacker to execute code locally. The vulnerability arises from an integer underflow, where values wrap around, potentially leading to unexpected behavior or exploitation.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for Microsoft Excel 2016 (both 32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC 2021, 2024, and 365 for Mac, the security updates will be released as soon as possible, with customers being notified via a revision to the CVE information. Office Online Server users can also download the security update from the Microsoft Update Catalog.

Added: Jun 9, 2026, 7:21 PM

Updated: Jun 9, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.2

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.2

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Excel Integer Underflow Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Excel

Microsoft Office LTSC

Microsoft 365 Apps

Microsoft Office

Microsoft Office Online Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating