CVE-2021-31174: 
vulnerability analysis and mitigation

Microsoft Excel Information Disclosure Vulnerability (CVE-2021-31174) was disclosed on May 11, 2021. This vulnerability affects various versions of Microsoft Excel and Microsoft Office products, including Excel 2013 SP1, Excel 2016, Office 2013 SP1, Office 2016, Office 2019, and Microsoft 365 Apps Enterprise (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. It has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, low privileges required, no user interaction needed, and potential for high confidentiality impact (NVD).

The vulnerability could lead to information disclosure in Microsoft Excel. The CVSS scoring indicates that while the vulnerability has high potential for confidentiality breach, it does not affect system integrity or availability (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the security update KB5001918 for Excel 2016 and related patches for other affected versions. The updates are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center (Microsoft Support).