PT-2021-2035 · Microsoft · Office Excel and 4 other products
Published: 2021-02-09 · Updated: 2023-12-29
CVE-2021-24070
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Microsoft Excel (affected versions not specified)
Microsoft Office (affected versions not specified)
Microsoft 365 Apps for Enterprise (affected versions not specified)
Microsoft Office Web Apps Server (affected versions not specified)
Microsoft Office Online Server (affected versions not specified)
Description:
Insufficient input validation in the affected Microsoft products can allow a remote attacker to execute arbitrary code. The flaw is a use-after-free vulnerability in the parsing of XLS files in Microsoft Excel.
Recommendations:
For Microsoft Excel, consider restricting the opening of XLS files from untrusted sources until a fix is available.
For Microsoft Office, apply configuration changes to minimize the risk of exploitation, such as disabling the execution of macros from untrusted sources.
For Microsoft 365 Apps for Enterprise, Office Web Apps Server, and Office Online Server, restrict access to vulnerable components to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Use After Free
Affected Products
365 Apps For Enterprise
Office Excel
Office
Office Online Server
Office Web Apps Server