PT-2021-2069 · Microsoft · 365 Apps+4
Published: 2021-02-09 · Updated: 2023-12-29 · CVE-2021-24067
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Microsoft Excel (affected versions not specified)
Microsoft Office (affected versions not specified)
Microsoft 365 Apps (affected versions not specified)
Microsoft Office Web Apps (affected versions not specified)
Office Online Server (affected versions not specified)
Description:
The issue is related to insufficient input validation in Microsoft Excel, which allows a remote attacker to execute arbitrary code by exploiting a use-after-free vulnerability when parsing XLSX files. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.
Recommendations:
For Microsoft Excel, consider disabling the XLSX file parsing functionality until a patch is available.
For Microsoft Office, restrict access to potentially vulnerable components to minimize the risk of exploitation.
For Microsoft 365 Apps, avoid using the affected versions until a fix is provided.
For Microsoft Office Web Apps, restrict user input to prevent potential exploitation.
For Office Online Server, limit access to the server to reduce the risk of remote code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Use After Free
Related Identifiers
Affected Products
365 Apps
Office Excel
Office
Office Web Apps
Office Online Server