Microsoft Office Out-of-Bounds Read Vulnerability Allowing Information Disclosure

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office. This issue could enable an unauthorized attacker to locally disclose information by reading small portions of heap memory. The vulnerability arises from a buffer over-read, which creates the potential for information leakage.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Security updates for this vulnerability are available for Microsoft Office LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise. For Microsoft Office for Mac, updates will be released as soon as possible. Instructions for downloading the security updates can be found on the Microsoft Office Update Guide.