CVE-2020-1332

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified) Microsoft Office (affected versions not specified) Office 365 (affected versions not specified)

Description: A remote code execution issue exists in Microsoft Excel software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Excel. This could be achieved through email or web-based attacks, where an attacker convinces a user to open the specially crafted file.

Recommendations: For Microsoft Excel, update the software to the latest version to address the vulnerability by correcting how Microsoft Excel handles objects in memory. For Microsoft Office, apply the security update that corrects the handling of objects in memory. For Office 365, ensure all components are updated to the latest version to mitigate the risk. As a temporary workaround, consider avoiding the use of Microsoft Excel to open files from untrusted sources until a patch is available. Restrict access to sensitive data and systems to minimize the risk of exploitation if an attacker gains control of a user's account.