VYPR

OneNote

by Microsoft

CVEs (20)

  • CVE-2007-0671 | High | KEV | Feb 3, 2007
    risk 0.73 | cvss 8.8 | epss 0.42

    Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

  • CVE-2014-2815 | High | Aug 12, 2014
    risk 0.61 | cvss 8.8 | epss 0.44

    Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

  • CVE-2017-8509 | High | Jun 15, 2017
    risk 0.59 | cvss 8.8 | epss 0.18

    A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and…

  • CVE-2017-0197 | High | Apr 12, 2017
    risk 0.52 | cvss 7.8 | epss 0.19

    Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."

  • CVE-2025-21402 | High | Jan 14, 2025
    risk 0.51 | cvss 7.8 | epss 0.01

    Microsoft Office OneNote Remote Code Execution Vulnerability

  • CVE-2026-26133 | High | Mar 16, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2016-3315 | Medium | Aug 9, 2016
    risk 0.38 | cvss 5.5 | epss 0.30

    Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."

  • CVE-2004-0200 | Sep 28, 2004
    risk 0.07 | cvss | epss 0.49

    Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length…

  • CVE-2008-3007 | Sep 11, 2008
    risk 0.03 | cvss | epss 0.32

    Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator…

  • CVE-2013-0086 | Mar 13, 2013
    risk 0.02 | cvss | epss 0.24

    Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."

  • CVE-2022-44691 | Dec 13, 2022
    risk 0.01 | cvss | epss 0.01

    Microsoft Office OneNote Remote Code Execution Vulnerability

  • CVE-2015-2503 | Nov 11, 2015
    risk 0.01 | cvss | epss 0.17

    Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2,…

  • CVE-2008-3068 | Jul 7, 2008
    risk 0.01 | cvss | epss 0.17

    Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows…

  • CVE-2006-3877 | Oct 10, 2006
    risk 0.01 | cvss | epss 0.12

    Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435,…

  • CVE-2025-29822 | Apr 8, 2025
    risk 0.00 | cvss | epss 0.01

    Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2024-41159 | Dec 18, 2024
    risk 0.00 | cvss | epss 0.01

    A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability…

  • CVE-2024-21384 | Feb 13, 2024
    risk 0.00 | cvss | epss 0.01

    Microsoft Office OneNote Remote Code Execution Vulnerability

  • CVE-2023-36769 | Nov 6, 2023
    risk 0.00 | cvss | epss 0.00

    Microsoft OneNote Spoofing Vulnerability

  • CVE-2023-33140 | Jun 13, 2023
    risk 0.00 | cvss | epss 0.02

    Microsoft OneNote Spoofing Vulnerability

  • CVE-2023-21721 | Feb 14, 2023
    risk 0.00 | cvss | epss 0.01

    Microsoft OneNote Elevation of Privilege Vulnerability