PT-2022-5621 · Microsoft · 365 Apps For Enterprise+2

Icewall · Published 2022-11-08 · Updated 2026-05-19 · CVE-2022-41106

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Excel versions prior to the fixed version
Microsoft Office versions prior to the fixed version
Microsoft 365 Apps for Enterprise versions prior to the fixed version
Microsoft Office Excel 2019 x86 - version 2207, build 15427.20210
Microsoft Office Excel 365 - version 2202, build 14931.20660

Description

The issue exists due to insufficient input validation in Microsoft Excel, allowing an attacker to execute arbitrary code using a specially crafted file. This can be achieved through a double-free vulnerability in the attribute class of Microsoft Office Excel. The exploitation of this issue may enable a remote attacker to affect the system.

Recommendations

For Microsoft Excel 2019 x86 - version 2207, build 15427.20210, update to a newer version that includes the fix.
For Microsoft Office Excel 365 - version 2202, build 14931.20660, update to a newer version that includes the fix.
For other affected versions of Microsoft Excel, Microsoft Office, and Microsoft 365 Apps for Enterprise, update to a newer version that includes the fix.
As a temporary workaround, consider avoiding the use of specially crafted files that could exploit the double-free vulnerability in the attribute class of Microsoft Office Excel.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-06987
CVE-2022-41106

Affected Products

365 Apps For Enterprise
Office Excel
Office