Microsoft OneNote Information Disclosure Vulnerability

2016-08-22T07:00:00
ID MS:CVE-2016-3315
Type mscve
Reporter Microsoft
Modified 2016-08-22T07:00:00

Description

An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

To exploit the vulnerability, an attacker could create a specially crafted OneNote file and convince a victim to open it. For an attack to be successful, the attacker must know the specific location of OneNote objects in memory.

The update addresses the vulnerability by changing the way certain OneNote functions handle objects in memory.