CVE-2021-28454

Name of the Vulnerable Software and Affected Versions Microsoft Excel (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft Office Web Apps Server (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified) Microsoft Office Online Server (affected versions not specified)

Description The issue is related to the implementation of syntax analysis for XLS file format in Microsoft Office packages, which involves a use-after-free memory error. This can be exploited by an attacker to execute arbitrary code using a specially crafted malicious webpage or file. The vulnerability allows remote attackers to execute arbitrary code.

Recommendations For Microsoft Excel, consider disabling the XLS file parsing functionality until a patch is available. For Microsoft Office, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Microsoft Office Web Apps Server, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server, avoid using the vulnerable syntax analysis functionality for XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.