Name of the Vulnerable Software and Affected Versions
Microsoft Office versions prior to the January 9, 2024 security update
Office 2019
Office 2021
Office LTSC for Mac 2021
Microsoft 365
Description
A security issue exists in FBX that could lead to remote code execution. The vulnerability is related to errors in processing input data, which can be exploited by opening a specially crafted malicious file. To mitigate this issue, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint, and Outlook for Windows and Mac. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.
Recommendations
For Office 2019, disable the ability to insert FBX files.
For Office 2021, disable the ability to insert FBX files.
For Office LTSC for Mac 2021, disable the ability to insert FBX files.
For Microsoft 365, disable the ability to insert FBX files.
As a temporary workaround, consider avoiding the use of FBX files in Office applications until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.