A specially crafted XLS file can cause a use after free condition, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. This specific bug lies in the component of Excel that handles the Microsoft Office HTML and XML file types, first introduced in Office 2000. Microsoft disclosed this vulnerability in this months Patch Tuesday. The vulnerability affects Microsoft Office Professional Plus 2016 x86, version 1909, build 12026.20334 and Microsoft Office 365 ProPlus x86.”]
Source: https://blog.talosintelligence.com/2020/02/vuln-spotlight-Excel-code-execution-feb-2020.html