An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could create a specially crafted OneNote file and convince a victim to open it. For an attack to be successful, the attacker must know the specific location of OneNote objects in memory.
The update addresses the vulnerability by changing the way certain OneNote functions handle objects in memory.