cbcvebase.
CVE-2016-3315
published 2016-08-09

CVE-2016-3315: Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted…

PriorityP335medium5.5CVSS 3.0
AVLACLPRNUIRSUCHINAN
EPSS
30.15%
98.0th percentile
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."

Affected

11 ranges
VendorProductVersion rangeFixed in
microsoftonenote
microsoftonenote
microsoftonenote
microsoftonenote
microsoftonenote_for_mac
msrcmicrosoft_onenote_2007_service_pack_3
msrcmicrosoft_onenote_2010_service_pack_2
msrcmicrosoft_onenote_2013_rt_service_pack_1
msrcmicrosoft_onenote_2013_service_pack_1
msrcmicrosoft_onenote_2016
msrcmicrosoft_onenote_for_mac_2016

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc5.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.