CVE-2016-3315
Published: 2016-08-09
Priority P3 · 35 · medium · 5.5 CVSS 3.0
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EPSS 30.15% · 98.0th percentile
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | onenote | — | — |
| microsoft | onenote | — | — |
| microsoft | onenote | — | — |
| microsoft | onenote | — | — |
| microsoft | onenote_for_mac | — | — |
| msrc | microsoft_onenote_2007_service_pack_3 | — | — |
| msrc | microsoft_onenote_2010_service_pack_2 | — | — |
| msrc | microsoft_onenote_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_onenote_2013_service_pack_1 | — | — |
| msrc | microsoft_onenote_2016 | — | — |
| msrc | microsoft_onenote_for_mac_2016 | — | — |
CVSS provenance
nvd · v3.0 · 5.5 · MEDIUM · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc · 5.5 · HIGH
GHSA
GHSA-pfp2-c9q6-64cg: Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a craft
ghsa_unreviewed·2022-05-14
CVE-2016-3315 [MEDIUM] CWE-200 GHSA-pfp2-c9q6-64cg: Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a craft
Microsoft
Microsoft OneNote Information Disclosure Vulnerability
vendor_msrc·2016-08-09·CVSS 5.5
CVE-2016-3315 [MEDIUM] Microsoft OneNote Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could create a specially crafted OneNote file and convince a victim to open it. For an attack to be successful, the attacker must know the specific location of OneNote objects in memory.
The update addresses the vulnerability by changing the way certain OneNote functions handle objects in memory.
Microsoft Office: Microsoft Office
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Unlikely
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/92294
http://www.securitytracker.com/id/1036559
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099
Published: 2016-08-09