PT-2021-3041 · Microsoft · Office+3

Kdot

Published 2021-05-11 · Updated 2023-12-29 · CVE-2021-31177

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Office (affected versions not specified)
Microsoft 365 Apps for Enterprise (affected versions not specified)
Microsoft Excel (affected versions not specified)
Microsoft Office Web Apps Server (affected versions not specified)

Description
The vulnerability is a use-after-free (use of memory after it has been freed) that occurs while parsing Microsoft Excel XLS files. A remote attacker can exploit it with a specially crafted file to execute arbitrary code.

Recommendations
For Microsoft Office, consider restricting the parsing of Microsoft Excel XLS files until a patch is available. For Microsoft 365 Apps for Enterprise, avoid opening potentially malicious files from untrusted sources to minimize the risk of exploitation. For Microsoft Excel, as a temporary workaround, consider disabling the parsing of XLS files until a patch is available. For Microsoft Office Web Apps Server, restrict access to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Use After Free

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2021-02647
CVE-2021-31177
ZDI-21-576

Affected Products

365 Apps For Enterprise
Office Excel
Office
Office Web Apps Server