Cisco Talos recently discovered two vulnerabilities in the Microsoft Excel spreadsheet management software that could allow a malicious actor to execute arbitrary code on the targeted machine.
Microsoft disclosed these issues and patched them as part of its monthly security release for June.
One of the vulnerabilities, TALOS-2023-1730 (CVE-2023-32029), exists in the FreePhisxdb function of Excel. An attacker could exploit this vulnerability by tricking the targeted user into opening a specially crafted file. Then, they can manipulate the heap to gain the ability to execute arbitrary code.
TALOS-2023-1734 (CVE-2023-33133) works similarly, but in this case it causes an out-of-bounds read that turns into an out-of-bounds write, which, in turn, could lead to memory corruption and, finally, arbitrary code execution.
Microsoft noted that although these vulnerabilities are listed as “remote code execution,” the attack itself is carried out locally. Both vulnerabilities have a CVSS severity score of 7.8 out of 10 and are considered to be “less likely” to be exploited, according to Microsoft.
Cisco Talos worked with Microsoft to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: Microsoft Office Excel 2019 Plus, version 16.0.16130.20218. Talos tested and confirmed that this version of Excel could be exploited through these vulnerabilities.
The following Snort rules will detect exploitation attempts against these vulnerabilities: 61503, 61504, 61574 and 61575. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall or Snort.org.