vendor:
OneNote
by:
nu11secur1ty
N/A
CVSS
HIGH
Spoofing
20
CWE
Product Name: OneNote
Affected Version From: Version 2305 Build 16.0.16501.20074
Affected Version To: Version 2305 Build 16.0.16501.20074
Patch Exists: NO
Related CWE: CVE-2023-33140
CPE: a:microsoft:onenote:2305:16.0.16501.20074
Platforms Tested: Windows
2023
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit – Spoofing
Microsoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised. Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.
Mitigation:
No known mitigation at the moment