CVE-2022-41107

Name of the Vulnerable Software and Affected Versions Microsoft Office versions (affected versions not specified) Microsoft 365 Apps for Enterprise versions (affected versions not specified)

Description The issue exists due to insufficient input validation in Microsoft Office and Microsoft 365 Apps for Enterprise. Exploitation of this issue may allow an attacker to execute arbitrary code. The vulnerability is related to the parsing of FBX files in Microsoft Excel, Microsoft Word, and Microsoft PowerPoint, which can lead to a heap-based buffer overflow and remote code execution.

Recommendations For Microsoft Office, update to a version that includes the fix for this issue. For Microsoft 365 Apps for Enterprise, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of FBX files in Microsoft Excel, Microsoft Word, and Microsoft PowerPoint until a patch is available. Restrict access to the FBX file parsing functionality in Microsoft Office and Microsoft 365 Apps for Enterprise to minimize the risk of exploitation.