Four security vulnerabilities discovered in Microsoft Office suite could be potentially abused by bad actors to deliver attack code via Word and Excel documents. Three of the four flaws have been fixed by Microsoft as part of its Patch Tuesday update for May 2021. The vulnerabilities were found by fuzzing MSGraph, a relatively under-analyzed component in Office component that’s at par to Microsoft Equation Editor in terms of the attack surface. The vulnerability could be triggered as simply as opening a malicious Excel file that’s served via a download link or an email.
Source: https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html