16 matches found
CVE-2023-33140
CVE-2023-33140 concerns Microsoft OneNote spoofing. Connected sources provide concrete details: OneNote (example build 2305, 16.0.16501.20074 64-bit) is vulnerable to a spoofing vulnerability that requires a user to open a crafted file and click a crafted URL to spoof the UI. The vulnerability’s ...
CVE-2023-36769
Technical details about CVE-2023-36769 are not publicly provided in the supplied documents beyond generic labeling; no affected products, versions, root cause, or remediation specifics are included here. Monitor for updates.
CVE-2025-29822
CVE-2025-29822 affects Microsoft OneNote (Office): incomplete input validation in OneNote allows a local security feature bypass. The issue is classified as high severity (CVSS 3.1: 7.8; Local attack, no privileges required, user interaction required; impacts Confidentiality, Integrity,...
CVE-2023-21721
CVE-2023-21721 is a Microsoft OneNote vulnerability categorized as a spoofing/elevation-of-privilege issue. The referenced MSRC entry labels it as OneNote Spoofing Vulnerability, with a CVSSv3 base score of 6.5 (I = HIGH, A = NONE, C = NONE, AV = NETWORK, UI = NONE, PR = LOW). The root cause is sp...
CVE-2017-8509
CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2024-41159
CVE-2024-41159 is a library-injection vulnerability in Microsoft OneNote for macOS in which a malicious library loaded via relative paths can leverage OneNote’s entitlements and permissions to bypass protections. Talos documents show OneNote loads libraries through relative paths and, despite Hardened ...
CVE-2025-21402
CVE-2025-21402 is a Microsoft Office OneNote remote code execution vulnerability. The NVD entry notes a HIGH risk with CVSS 3.1: Local attack vector, low attack complexity, user interaction required, and impact to confidentiality, integrity, and availability. Multiple connected sources corroborat...
CVE-2017-0197
CVE-2017-0197 affects Microsoft OneNote 2007 SP3 and OneNote 2010 SP2. A DLL loading remote code execution vulnerability exists: an attacker can cause arbitrary code execution by convincing a user to open a specially crafted OneNote document. The issue is triggered by improper DLL loading validat...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2016-3315
CVE-2016-3315 relates to Information Disclosure in Microsoft OneNote. Affected products include OneNote versions on Windows (2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016) and OneNote 2016 for Mac. The vulnerability allows remote attackers to obtain sensitive memory contents by opening a crafte...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2014-2815
CVE-2014-2815 affects Microsoft OneNote 2007 SP3. A crafted OneNote file can trigger execution of an arbitrary program by creating an executable in a startup folder, enabling remote code execution under the current user. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base 8.8). Remediatio...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2026-26133
CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...