Microsoft Office
cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*
A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and various SharePoint Server editions. The vulnerability requires user interaction, as an attacker must send a malicious Office file and convince the user to open it.
Exploitation of this vulnerability could lead to unauthorized local code execution.
Users can download the security update for Microsoft Office 2016, 2019, LTSC 2021, and LTSC 2024 through the Microsoft Update Catalog. For SharePoint Server 2019 and SharePoint Enterprise Server 2016, the security update is also available via the Microsoft Update Catalog. Instructions for updating Microsoft 365 Apps for Enterprise on Windows are available on the Microsoft 365 Apps Security Updates page. For Mac users, the update will be released as soon as possible, with notifications provided via a revision to the CVE information.