Two remote code execution vulnerabilities disclosed in Microsoft Excel

Cisco Talos recently discovered two vulnerabilities in the Microsoft Excel spreadsheet management software that could allow a malicious actor to execute arbitrary code on the targeted machine.

Microsoft disclosed these issues and patched them as part of June’s monthly security release for the company.

One of the vulnerabilities, TALOS-2023-1730 (CVE-2023-32029), exists in the FreePhisxdb function of Excel. An attacker could exploit this vulnerability by tricking the targeted user into opening a specially crafted file. Then, they can manipulate the heap …

actor cisco cisco talos code code execution cve excel june machine malicious management microsoft microsoft excel release remote code remote code execution security software spreadsheet talos the company vulnerabilities