PT-2024-8776 · Microsoft · Office +4

Orange Tsai +2 · Published 2024-11-12 · Updated 2024-11-16 · CVE-2024-49026

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Microsoft Excel versions (affected versions not specified)
Microsoft 365 Apps for Enterprise versions (affected versions not specified)
Microsoft Office versions (affected versions not specified)
Microsoft Office Long Term Servicing Channel versions (affected versions not specified)
Microsoft Office Online Server versions (affected versions not specified)

Description: The issue is related to a lack of data sanitization at the management level in Microsoft Office packages, including Microsoft Excel. Exploitation of this issue may allow an attacker to execute arbitrary code using a specially crafted malicious file.
Recommendations: For Microsoft Excel, consider disabling the execution of external files until a patch is available. For Microsoft 365 Apps for Enterprise, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Microsoft Office, Microsoft Office Long Term Servicing Channel, and Microsoft Office Online Server, avoid using potentially vulnerable features or modules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10392
CVE-2024-49026

Affected Products

365 Apps For Enterprise
Office Excel
Office
Office Long Term Servicing Channel
Office Online Server