CVE-2021-40485: 
vulnerability analysis and mitigation

Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-40485) was identified and disclosed on September 2, 2021. This vulnerability affects various versions of Microsoft Excel, Microsoft Office, and Microsoft 365 Apps Enterprise. The vulnerability is unique from similar vulnerabilities CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, and CVE-2021-40479 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 6.8 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:P/I:P/A:P). The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) (NVD).

This vulnerability could allow an attacker to execute remote code on the affected system, potentially gaining the same level of access rights as the logged-in user. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High under the CVSS v3.1 scoring system (NVD).

Microsoft has released security patches to address this vulnerability. The fixes are available through Microsoft's standard update channels for affected products including Microsoft Excel 2013 SP1, Excel 2016, Office 2019, and Office LTSC 2021 (NVD).