Microsoft Excel
cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*
An out-of-bounds read vulnerability has been identified in Microsoft Office Excel. It could allow an unauthorized attacker to disclose information over a network. The flaw arises from improper handling of memory, which could allow an attacker to read sensitive data.
Exploitation of this vulnerability could lead to unauthorized information disclosure. An attacker could potentially read small portions of heap memory from the affected application.
Users can download the security update for Microsoft Excel 2016 (both 32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC 2021, 2024, and Microsoft 365 for Mac, the security updates will be released as soon as possible, with customers being notified via a revision to the CVE information. Office Online Server users can also download the security update from the Microsoft Update Catalog.