Home

CVE-2016-3315

Description

Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka Microsoft OneNote Information Disclosure Vulnerability.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
34.655

Associated Vulnerability

VulnerabilityOS Platform
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3115427) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3115427) 32-Bit EditionWindows
Microsoft Office Graphics Remote Code Execution Vulnerability for Microsoft Office 2007 suites (KB3114893)Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2016 (KB3115415) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2016 (KB3115415) 32-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114869) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114869) 32-Bit EditionWindows
Microsoft Office Graphics Remote Code Execution Vulnerability for Word Viewer (KB3115479)Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2016 (KB3115419) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2016 (KB3115419) 32-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office OneNote 2007 (KB3114456)Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2010 (KB3114885) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2010 (KB3114885) 32-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3114340) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3114340) 32-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2007 suites (KB3114442)Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114400) 64-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114400) 32-Bit EditionWindows
Microsoft Office Graphics Remote Code Execution Vulnerability for Word Viewer (KB3115480)Windows
Microsoft Office Graphics Remote Code Execution Vulnerability for Microsoft Office Word 2007 (KB3115465)Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2013 (KB3115256) 32-Bit EditionWindows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2013 (KB3115256) 64-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21280Security Update for Microsoft Office 2013 (KB3115427) 64-Bit Edition
PATCH-21279Security Update for Microsoft Office 2013 (KB3115427) 32-Bit Edition
PATCH-21286Security Update for Microsoft Office 2016 (KB3115415) 64-Bit Edition
PATCH-21285Security Update for Microsoft Office 2016 (KB3115415) 32-Bit Edition
PATCH-21291Security Update for Word Viewer (KB3115479)
PATCH-21288Security Update for Microsoft OneNote 2016 (KB3115419) 64-Bit Edition
PATCH-21287Security Update for Microsoft OneNote 2016 (KB3115419) 32-Bit Edition
PATCH-21265Security Update for Microsoft Office OneNote 2007 (KB3114456)
PATCH-21274Security Update for Microsoft OneNote 2010 (KB3114885) 64-Bit Edition
PATCH-21273Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition
PATCH-21278Security Update for Microsoft Office 2013 (KB3114340) 64-Bit Edition
PATCH-21277Security Update for Microsoft Office 2013 (KB3114340) 32-Bit Edition
PATCH-21263Security Update for Microsoft Office 2007 suites (KB3114442)
PATCH-21268Security Update for Microsoft Office 2010 (KB3114400) 64-Bit Edition
PATCH-21267Security Update for Microsoft Office 2010 (KB3114400) 32-Bit Edition
PATCH-21292Security Update for Word Viewer (KB3115480)
PATCH-21266Security Update for Microsoft Office Word 2007 (KB3115465)
PATCH-21282Security Update for Microsoft OneNote 2013 (KB3115256) 64-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234