Onenote
CVE-2023-36769
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Microsoft OneNote Spoofing Vulnerability
AnalysisAI
Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-290. Affected products include: Microsoft Onenote.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers cr
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sen
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, P
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vuln
Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in m
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security fe
Microsoft OneNote Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today