A specially crafted XLS file can trigger a use-after-free condition in Microsoft Excel. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. Microsoft disclosed and patched the bug as part of their monthly security update Tuesday. The vulnerability affects Microsoft Excel for Microsoft Office 365 ProPlus x86, version 2002, build 12527.20988. The update is available for affected customers in affected versions of the software. For more on their updates, read the full blog here.”]
Source: https://blog.talosintelligence.com/2020/12/vulnerability-spotlight-excel-rce-dec-patch-tuesday.html