Product:

Onenote

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 12
Date Id Summary Products Score Patch Annotated
2023-06-14 CVE-2023-33140 Microsoft OneNote Spoofing Vulnerability Onenote 6.5
2014-08-12 CVE-2014-2815 Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability." Onenote 8.8
2017-06-15 CVE-2017-8509 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. Office, Office_compatibility_pack, Office_web_apps, Office_web_apps_server, Onenote, Sharepoint_server, Word, Word_for_mac 8.8
2017-04-12 CVE-2017-0197 Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." Onenote 7.8
2016-08-09 CVE-2016-3315 Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability." Onenote, Onenote_for_mac 5.5
2015-11-11 CVE-2015-2503 Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1,... Access, Excel, Infopath, Lync, Office_2007_ime, Onenote, Pinyin_ime, Powerpoint, Project, Project_server, Publisher, Skype_for_business, Visio, Word N/A
2008-07-07 CVE-2008-3068 Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Access, Excel, Frontpage, Groove, Infopath, Office, Office_communicator, Onenote, Outlook, Powerpoint, Project_professional, Project_standard, Publisher, Sharepoint_designer, Visio_professional, Visio_standard, Windows_live_mail N/A
2007-02-03 CVE-2007-0671 Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Access, Excel, Excel_viewer, Frontpage, Infopath, Office, Onenote, Outlook, Powerpoint, Project, Publisher, Visio, Word, Word_viewer N/A
2006-10-10 CVE-2006-3877 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Access, Excel, Excel_viewer, Frontpage, Infopath, Office, Onenote, Outlook, Powerpoint, Project, Publisher, Visio, Word, Word_viewer N/A
2004-09-28 CVE-2004-0200 Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. \.net_framework, Digital_image_pro, Digital_image_suite, Excel, Frontpage, Greetings, Infopath, Office, Onenote, Outlook, Picture_it, Powerpoint, Producer, Project, Publisher, Visio, Visual_basic, Visual_c\#, Visual_c\+\+, Visual_j\#_\.net, Visual_studio_\.net, Windows_2003_server, Windows_xp, Word N/A