Search criteria
45 vulnerabilities found for onenote by microsoft
FKIE_CVE-2025-29822
Vulnerability from fkie_nvd - Published: 2025-04-08 18:16 - Updated: 2025-07-08 17:12
Severity ?
Summary
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29822 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_long_term_servicing_channel | 2024 | |
| microsoft | office_long_term_servicing_channel | 2024 | |
| microsoft | office_long_term_servicing_channel | 2024 | |
| microsoft | onenote | - | |
| microsoft | onenote | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
"matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*",
"matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*",
"matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
"matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
"matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
"matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*",
"matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:-:*:*:*:*:macos:*:*",
"matchCriteriaId": "C4EC14DE-82C6-495B-BFD8-8D1FA781D50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally."
},
{
"lang": "es",
"value": "La lista incompleta de entradas no permitidas en Microsoft Office OneNote permite que un atacante no autorizado eluda una funci\u00f3n de seguridad localmente."
}
],
"id": "CVE-2025-29822",
"lastModified": "2025-07-08T17:12:21.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:16:08.023",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29822"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-184"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-21402
Vulnerability from fkie_nvd - Published: 2025-01-14 18:16 - Updated: 2025-01-27 18:34
Severity ?
Summary
Microsoft Office OneNote Remote Code Execution Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*",
"matchCriteriaId": "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*",
"matchCriteriaId": "873BD998-9D5A-4C09-A3B3-4DB12ABB6F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:-:*:*:*:*:macos:*:*",
"matchCriteriaId": "C4EC14DE-82C6-495B-BFD8-8D1FA781D50F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office OneNote Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Office OneNote"
}
],
"id": "CVE-2025-21402",
"lastModified": "2025-01-27T18:34:23.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-01-14T18:16:04.190",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-641"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-41159
Vulnerability from fkie_nvd - Published: 2024-12-18 23:15 - Updated: 2025-08-25 14:02
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1975 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:16.83:*:*:*:*:macos:*:*",
"matchCriteriaId": "EABF5413-6E0D-4762-9718-8016F14034E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en Microsoft OneNote 16.83 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de OneNote, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable."
}
],
"id": "CVE-2024-41159",
"lastModified": "2025-08-25T14:02:49.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-18T23:15:08.140",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-36769
Vulnerability from fkie_nvd - Published: 2023-11-06 23:15 - Updated: 2025-02-28 20:15
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Microsoft OneNote Spoofing Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:-:*:*:*",
"matchCriteriaId": "B387F71D-A159-4960-9C4D-62EDBAAFC02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3B005-5BCF-49F2-978E-9095006A708C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2021:*:*:*:ltsc:*:*:*",
"matchCriteriaId": "188051CE-EEDE-4D08-87E9-396CA06271CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft OneNote"
}
],
"id": "CVE-2023-36769",
"lastModified": "2025-02-28T20:15:45.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-06T23:15:10.373",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-33140
Vulnerability from fkie_nvd - Published: 2023-06-14 00:15 - Updated: 2025-04-10 19:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Microsoft OneNote Spoofing Vulnerability
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92C5E61-C3A9-46BE-ABA1-2B83E68F9929",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"id": "CVE-2023-33140",
"lastModified": "2025-04-10T19:19:37.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-14T00:15:12.433",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2023-33140/Microsoft%20OneNote%20(Version%202305%20Build%2016.0.16501.20074)%2064-bit%20-%20Spoofing%20Vulnerability.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-21721
Vulnerability from fkie_nvd - Published: 2023-02-14 20:15 - Updated: 2024-11-21 07:43
Severity ?
Summary
Microsoft OneNote Elevation of Privilege Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:*:*:*:*:*:android:*:*",
"matchCriteriaId": "4FB4760C-41F5-4D36-AB69-163AD6B9E158",
"versionEndExcluding": "16.0.16026.20158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
],
"id": "CVE-2023-21721",
"lastModified": "2024-11-21T07:43:30.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2023-02-14T20:15:14.680",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-8509
Vulnerability from fkie_nvd - Published: 2017-06-15 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_compatibility_pack | - | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | onenote | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 | |
| microsoft | word_for_mac | 2016 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50A4D0-ABF4-4EB2-AF63-C8D7E9920099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16F33176-442C-4EFF-8EA0-C640D203B939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E1824-01B6-4BAE-9789-B0D3776915B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Office cuando el software no maneja apropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260 y CVE-2017-8506."
}
],
"id": "CVE-2017-8509",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-15T01:29:03.820",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98812"
},
{
"source": "secure@microsoft.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-0197
Vulnerability from fkie_nvd - Published: 2017-04-12 14:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft OneNote 2007 SP3 y Microsoft OneNote 2010 SP2 permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office DLL Loading Vulnerability\"."
}
],
"id": "CVE-2017-0197",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-12T14:59:01.123",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3315
Vulnerability from fkie_nvd - Published: 2016-08-09 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE03F7A7-90F4-4D41-9529-B36937CD94D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "91F0608A-554C-489C-859F-49A8F895D27A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016 y 2016 para Mac permiten a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un archivo OneNote manipulado, tambi\u00e9n conocida como \"Microsoft OneNote Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2016-3315",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-09T21:59:21.677",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2503
Vulnerability from fkie_nvd - Published: 2015-11-11 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034117 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1034119 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1034122 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034117 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034119 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034122 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:access:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AAB5D3AF-369A-48A0-BFA1-9F0D1ACE1F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7122C5BF-C7C8-4B20-AACF-03F0ED83A7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3E995599-F698-4E73-9401-4CA47FADFCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "0E42DC73-F1D0-47CD-BED8-DB2C6E044E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "E28626D8-AF3A-487F-BAAB-3955E44D2A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4C919D14-520A-4C10-850F-14AA80BF4B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DA2DE6A4-A857-4BE3-B7EA-3C3A6B05DFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C1273DC0-2188-4D5C-963D-761683B93A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8B854E18-7CB0-43F7-9EBF-E356FA176B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2007_ime:sp3:*:*:ja:*:*:*:*",
"matchCriteriaId": "ABB6C9AE-3F75-4F94-A295-A5A31A2BE0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "83434795-4772-48E2-B604-9AAC6ECDE0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18AE1481-1E92-42F9-9E2E-C9C19353E580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE03F7A7-90F4-4D41-9529-B36937CD94D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "BBB1E19F-6870-429A-AB66-D7BBF3845AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "80F1EA3D-FD2D-4CB2-A93A-DFAD3187AFC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "B73F56F0-4983-48F8-A34B-CBA8B023AE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AE2E98C5-71A4-4014-AFC4-5438FEC196D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9CCB2D72-B779-4772-8F72-7177E3F47A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "36A1FA52-BFBD-4C88-9CBE-B68E55C75726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "904623F9-BEC4-4D9C-AC7E-AFBFFDF928CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA3A3C2-DB00-4095-B445-5A5041EB3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0B02D845-F95D-44D7-AB4C-2E464C3AB783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8AB29E20-496D-4CDA-918B-40E4ABB3ECBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "78E9611F-1DE1-4FB2-9C70-16602FFC73C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EB39B6EE-BC01-4D21-A3D8-CDDA268C55FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3AA120-CE06-40A3-ADC4-C42077509287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "387D78BD-2368-4525-BFC2-52149585E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ED0408B6-4FB5-45E9-AD27-301FC383152D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japon\u00e9s) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016 y Lync 2013 SP1 permiten a atacantes remotos eludir un mecanismo de protecci\u00f3n sandbox y obtener privilegios a trav\u00e9s de una p\u00e1gina web manipulada a la que se accede con Internet Explorer, seg\u00fan lo demostrado por una transici\u00f3n de Low Integrity a Medium Integrity, tambi\u00e9n conocida como \u0027Microsoft Office Elevation of Privilege Vulnerability\u0027."
}
],
"id": "CVE-2015-2503",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-11T11:59:18.423",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034119"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-29822 (GCVE-0-2025-29822)
Vulnerability from cvelistv5 – Published: 2025-04-08 17:23 – Updated: 2025-06-04 17:52
VLAI?
Summary
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
Severity ?
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:13:35.512534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:22:56.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.96.25033028",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft OneNote 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5495.1001",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.96.25041326",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.96.25041326",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.96.25033028",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5495.1001",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.96.25041326",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.96.25041326",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T17:52:47.373Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29822"
}
],
"title": "Microsoft OneNote Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-29822",
"datePublished": "2025-04-08T17:23:32.887Z",
"dateReserved": "2025-03-11T22:56:43.943Z",
"dateUpdated": "2025-06-04T17:52:47.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21402 (GCVE-0-2025-21402)
Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2025-09-09 23:46
VLAI?
Summary
Microsoft Office OneNote Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-641 - Improper Restriction of Names for Files and Other Resources
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.93.25011212
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T04:55:45.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.93.25011212",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.93.25011212",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.92.24120731",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.93.25011212",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.93.25011212",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.92.24120731",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Office OneNote Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-641",
"description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T23:46:51.752Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Office OneNote Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402"
}
],
"title": "Microsoft Office OneNote Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21402",
"datePublished": "2025-01-14T18:04:46.460Z",
"dateReserved": "2024-12-11T00:29:48.375Z",
"dateUpdated": "2025-09-09T23:46:51.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41159 (GCVE-0-2024-41159)
Vulnerability from cvelistv5 – Published: 2024-12-18 22:39 – Updated: 2024-12-20 17:31
VLAI?
Summary
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Severity ?
7.1 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Credits
Discovered by Francesco Benvenuto of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-18T23:02:59.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:31:42.942957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:31:52.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OneNote",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.83 for macOS"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T22:39:10.003Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-41159",
"datePublished": "2024-12-18T22:39:10.003Z",
"dateReserved": "2024-08-05T20:37:16.296Z",
"dateUpdated": "2024-12-20T17:31:52.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36769 (GCVE-0-2023-36769)
Vulnerability from cvelistv5 – Published: 2023-11-06 22:51 – Updated: 2025-02-28 19:33
VLAI?
Summary
Microsoft OneNote Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:08.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:15.924119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:33:32.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft OneNote 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5408.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft OneNote 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5579.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Microsoft OneNote 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5579.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5408.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2013:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.5579.1000",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2013:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.5579.1000",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:17.503Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"title": "Microsoft OneNote Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36769",
"datePublished": "2023-11-06T22:51:21.878Z",
"dateReserved": "2023-06-27T15:11:59.869Z",
"dateUpdated": "2025-02-28T19:33:32.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33140 (GCVE-0-2023-33140)
Vulnerability from cvelistv5 – Published: 2023-06-13 23:26 – Updated: 2025-03-19 19:54
VLAI?
Summary
Microsoft OneNote Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft OneNote for Universal |
Affected:
16.0.0 , < 16.0.14326.21450
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-19T19:54:49.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2023-33140/Microsoft%20OneNote%20(Version%202305%20Build%2016.0.16501.20074)%2064-bit%20-%20Spoofing%20Vulnerability.txt"
},
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:55.849362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:41:06.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote for Universal",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.14326.21450",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_universal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.14326.21450",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:16.270Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"title": "Microsoft OneNote Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33140",
"datePublished": "2023-06-13T23:26:26.972Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-03-19T19:54:49.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21721 (GCVE-0-2023-21721)
Vulnerability from cvelistv5 – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:41
VLAI?
Summary
Microsoft OneNote Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft OneNote for Android |
Affected:
16.0.1 , < 16.0.16026.20158
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:49.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.16026.20158",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.16026.20158",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:41:22.970Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"title": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21721",
"datePublished": "2023-02-14T19:32:48.000Z",
"dateReserved": "2022-12-13T18:08:03.492Z",
"dateUpdated": "2025-01-01T00:41:22.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8509 (GCVE-0-2017-8509)
Vulnerability from cvelistv5 – Published: 2017-06-15 01:00 – Updated: 2024-08-05 16:41
VLAI?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Affected:
Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8509",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0197 (GCVE-0-2017-0197)
Vulnerability from cvelistv5 – Published: 2017-04-12 14:00 – Updated: 2024-08-05 12:55
VLAI?
Summary
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Office |
Affected:
OneNote 2007 SP3 and Microsoft OneNote 2010 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "OneNote 2007 SP3 and Microsoft OneNote 2010 SP2"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "97411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "OneNote 2007 SP3 and Microsoft OneNote 2010 SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"name": "https://twitter.com/buffaloverflow/status/852937040480149505",
"refsource": "MISC",
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0197",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3315 (GCVE-0-2016-3315)
Vulnerability from cvelistv5 – Published: 2016-08-09 21:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3315",
"datePublished": "2016-08-09T21:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2503 (GCVE-0-2015-2503)
Vulnerability from cvelistv5 – Published: 2015-11-11 11:00 – Updated: 2024-08-06 05:17
VLAI?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2503",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29822 (GCVE-0-2025-29822)
Vulnerability from nvd – Published: 2025-04-08 17:23 – Updated: 2025-06-04 17:52
VLAI?
Summary
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
Severity ?
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:13:35.512534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:22:56.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.96.25033028",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft OneNote 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5495.1001",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.96.25041326",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.96.25041326",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.96.25033028",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5495.1001",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.96.25041326",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.96.25041326",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T17:52:47.373Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29822"
}
],
"title": "Microsoft OneNote Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-29822",
"datePublished": "2025-04-08T17:23:32.887Z",
"dateReserved": "2025-03-11T22:56:43.943Z",
"dateUpdated": "2025-06-04T17:52:47.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21402 (GCVE-0-2025-21402)
Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2025-09-09 23:46
VLAI?
Summary
Microsoft Office OneNote Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-641 - Improper Restriction of Names for Files and Other Resources
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.93.25011212
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T04:55:45.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.93.25011212",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.93.25011212",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.92.24120731",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.93.25011212",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.93.25011212",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_mac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.92.24120731",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Office OneNote Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-641",
"description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T23:46:51.752Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Office OneNote Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402"
}
],
"title": "Microsoft Office OneNote Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21402",
"datePublished": "2025-01-14T18:04:46.460Z",
"dateReserved": "2024-12-11T00:29:48.375Z",
"dateUpdated": "2025-09-09T23:46:51.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41159 (GCVE-0-2024-41159)
Vulnerability from nvd – Published: 2024-12-18 22:39 – Updated: 2024-12-20 17:31
VLAI?
Summary
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Severity ?
7.1 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Credits
Discovered by Francesco Benvenuto of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-18T23:02:59.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:31:42.942957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:31:52.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OneNote",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.83 for macOS"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T22:39:10.003Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1975"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-41159",
"datePublished": "2024-12-18T22:39:10.003Z",
"dateReserved": "2024-08-05T20:37:16.296Z",
"dateUpdated": "2024-12-20T17:31:52.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36769 (GCVE-0-2023-36769)
Vulnerability from nvd – Published: 2023-11-06 22:51 – Updated: 2025-02-28 19:33
VLAI?
Summary
Microsoft OneNote Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:08.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:15.924119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:33:32.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft OneNote 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5408.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft OneNote 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5579.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Microsoft OneNote 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5579.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5408.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2013:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.5579.1000",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_2013:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.5579.1000",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:17.503Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
],
"title": "Microsoft OneNote Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36769",
"datePublished": "2023-11-06T22:51:21.878Z",
"dateReserved": "2023-06-27T15:11:59.869Z",
"dateUpdated": "2025-02-28T19:33:32.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33140 (GCVE-0-2023-33140)
Vulnerability from nvd – Published: 2023-06-13 23:26 – Updated: 2025-03-19 19:54
VLAI?
Summary
Microsoft OneNote Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft OneNote for Universal |
Affected:
16.0.0 , < 16.0.14326.21450
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-19T19:54:49.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2023-33140/Microsoft%20OneNote%20(Version%202305%20Build%2016.0.16501.20074)%2064-bit%20-%20Spoofing%20Vulnerability.txt"
},
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:55.849362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:41:06.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote for Universal",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.14326.21450",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_universal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.14326.21450",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:44:16.270Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
}
],
"title": "Microsoft OneNote Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33140",
"datePublished": "2023-06-13T23:26:26.972Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-03-19T19:54:49.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21721 (GCVE-0-2023-21721)
Vulnerability from nvd – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:41
VLAI?
Summary
Microsoft OneNote Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft OneNote for Android |
Affected:
16.0.1 , < 16.0.16026.20158
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:49.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OneNote Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OneNote for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.16026.20158",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.16026.20158",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:41:22.970Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OneNote Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
}
],
"title": "Microsoft OneNote Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21721",
"datePublished": "2023-02-14T19:32:48.000Z",
"dateReserved": "2022-12-13T18:08:03.492Z",
"dateUpdated": "2025-01-01T00:41:22.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8509 (GCVE-0-2017-8509)
Vulnerability from nvd – Published: 2017-06-15 01:00 – Updated: 2024-08-05 16:41
VLAI?
Summary
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Affected:
Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
],
"datePublic": "2017-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Word 2007, Microsoft Office 2010 Service Pack 2, Microsoft Word 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft OneNote 2010 Service Pack 2, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509"
},
{
"name": "98812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8509",
"datePublished": "2017-06-15T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:23.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0197 (GCVE-0-2017-0197)
Vulnerability from nvd – Published: 2017-04-12 14:00 – Updated: 2024-08-05 12:55
VLAI?
Summary
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Office |
Affected:
OneNote 2007 SP3 and Microsoft OneNote 2010 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "OneNote 2007 SP3 and Microsoft OneNote 2010 SP2"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "97411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "OneNote 2007 SP3 and Microsoft OneNote 2010 SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office DLL Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97411"
},
{
"name": "1038241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038241"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197"
},
{
"name": "https://twitter.com/buffaloverflow/status/852937040480149505",
"refsource": "MISC",
"url": "https://twitter.com/buffaloverflow/status/852937040480149505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0197",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3315 (GCVE-0-2016-3315)
Vulnerability from nvd – Published: 2016-08-09 21:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1036559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Microsoft OneNote Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "92294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92294"
},
{
"name": "MS16-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2016-3315",
"datePublished": "2016-08-09T21:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2503 (GCVE-0-2015-2503)
Vulnerability from nvd – Published: 2015-11-11 11:00 – Updated: 2024-08-06 05:17
VLAI?
Summary
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1034117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Microsoft Office Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034117"
},
{
"name": "1034122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034122"
},
{
"name": "MS15-116",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116"
},
{
"name": "1034119",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-2503",
"datePublished": "2015-11-11T11:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}