MicrosoftOnenote

16 matches found

•added 2023/06/13 11:26 p.m.•209 views

CVE-2023-33140

CVE-2023-33140 concerns Microsoft OneNote spoofing. Connected sources provide concrete details: OneNote (example build 2305, 16.0.16501.20074 64-bit) is vulnerable to a spoofing vulnerability that requires a user to open a crafted file and click a crafted URL to spoof the UI. The vulnerability’s ...

CVSS 6.5, AI score 6.5, EPSS 0.01649
Web
•added 2023/11/06 10:51 p.m.•185 views

CVE-2023-36769

Technical details about CVE-2023-36769 are not publicly provided in the supplied documents beyond generic labeling; no affected products, versions, root cause, or remediation specifics are included here. Monitor for updates.

CVSS 5.4, AI score 4.8, EPSS 0.00423
•added 2025/04/08 5:23 p.m.•175 views

CVE-2025-29822

CVE-2025-29822 affects Microsoft OneNote (Office) with an incomplete input validation in OneNote that allows local security feature bypass. The issue is classified as high severity (CVSS 3.1: 7.8; Local attack, no privileges required, user interaction required; impacts Confidentiality, Integrity,...

CVSS 7.8, AI score 7.1, EPSS 0.0074
•added 2023/02/14 7:32 p.m.•167 views

CVE-2023-21721

CVE-2023-21721 is a Microsoft OneNote vulnerability categorized as a spoofing/elevation-of-privilege issue. The referenced MSRC entry labels it as OneNote Spoofing Vulnerability, with a CVSSv3 base score of 6.5 (I = HIGH, A = NONE, C = NONE, V = NETWORK, UI = NONE, PR = LOW). The root cause is sp...

CVSS 6.5, AI score 6.7, EPSS 0.00882
•added 2017/06/15 1:00 a.m.•153 views

CVE-2017-8509

CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...

CVSS 9.3, AI score 7.2, EPSS 0.18238
•added 2004/09/17 4:00 a.m.•149 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

CVSS 9.3, AI score 7.6, EPSS 0.49024
•added 2015/11/11 11:00 a.m.•114 views

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

CVSS 9.3, AI score 6.8, EPSS 0.1684
•added 2024/12/18 10:39 p.m.•114 views

CVE-2024-41159

Microsoft OneNote for macOS CVE-2024-41159 is a library-injection vulnerability where a malicious library loaded via relative paths can leverage OneNote’s entitlements and permissions to bypass protections. Talos documents show OneNote loads libraries through relative paths and, despite Hardened ...

CVSS 7.1, AI score 6.9, EPSS 0.00818
•added 2025/01/14 6:04 p.m.•108 views

CVE-2025-21402

CVE-2025-21402 is a Microsoft Office OneNote remote code execution vulnerability. The NVD entry notes a HIGH risk with CVSS 3.1: Local attack vector, low attack complexity, user interaction required, and impact to confidentiality, integrity, and availability. Multiple connected sources corroborat...

CVSS 7.8, AI score 7.8, EPSS 0.0065
•added 2017/04/12 2:00 p.m.•105 views

CVE-2017-0197

CVE-2017-0197 affects Microsoft OneNote 2007 SP3 and OneNote 2010 SP2. A DLL loading remote code execution vulnerability exists: an attacker can cause arbitrary code execution by convincing a user to open a specially crafted OneNote document. The issue is triggered by improper DLL loading validat...

CVSS 9.3, AI score 7.6, EPSS 0.19075
•added 2006/10/10 10:00 p.m.•97 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

CVSS 9.3, AI score 7.1, EPSS 0.12199
•added 2016/08/09 9:00 p.m.•94 views

CVE-2016-3315

CVE-2016-3315 relates to Information Disclosure in Microsoft OneNote. Affected products include OneNote versions on Windows (2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016) and OneNote 2016 for Mac. The vulnerability allows remote attackers to obtain sensitive memory contents by opening a crafte...

CVSS 5.5, AI score 5.6, EPSS 0.3015
•added 2007/02/03 1:00 a.m.•92 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

CVSS 9.3, AI score 7.5, EPSS 0.42139
In wild
•added 2014/08/12 9:00 p.m.•84 views

CVE-2014-2815

CVE-2014-2815 affects Microsoft OneNote 2007 SP3. A crafted OneNote file can trigger execution of an arbitrary program by creating an executable in a startup folder, enabling remote code execution under the current user. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base 8.8). Remediatio...

CVSS 9.3, AI score 8.9, EPSS 0.43777
•added 2008/07/07 11:00 p.m.•65 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...

CVSS 7.5, AI score 6.7, EPSS 0.17404
•added 2026/03/13 9:10 p.m.•52 views

CVE-2026-26133

CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...

CVSS 7.1, AI score 5.8, EPSS 0.00433