Microsoft Office OneNote Remote Code Execution Vulnerability

2024-02-1308:00:00

Microsoft

msrc.microsoft.com

microsoft

office

onenote

remote

code execution

vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

19.5%

JSON

Affected configurations

Vulners

Node

microsoftoffice_long_term_servicing_channelRange<https://aka.ms/OfficeSecurityReleases

microsoft365_appsRange<https://aka.ms/OfficeSecurityReleases

VendorProductVersionCPE
microsoftoffice_long_term_servicing_channel*cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*
microsoft365_apps*cpe:2.3:a:microsoft:365_apps:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_long_term_servicing_channel	*	cpe:2.3:a:microsoft:office_long_term_servicing_channel::::::::
microsoft	365_apps	*	cpe:2.3:a:microsoft:365_apps::::::::