Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability.

Cisco Talos recently discovered a use-after-free vulnerability in the ConditionalFormatting functionality of Microsoft Office Excel 2019 that could allow an attacker to execute arbitrary code on the victim machine.

Microsoft disclosed and patched this vulnerability in the popular spreadsheet creation and editing platform as part of its monthly security update. You can read more about Patch Tuesday here. TALOS-2021-1259 (CVE-2021-40474) could be exploited by an attacker if they tricked the target into opening a specially crafted Excel file. Proper heap grooming on the attacker’s part could give them full control of this use-after-free vulnerability and, as a result, could allow it to be turned into arbitrary code execution.

Cisco Talos worked with Microsoft to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are advised to update the following software, which are tested and confirmed to be affected by this vulnerability: Microsoft Office Excel 2019 x86, version 2101, build 13628.20448 and Office Excel 365 x86, version 2008, build 13127.21216.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 52417 and 52418. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.