A vulnerability has been reported in Microsoft Office OneNote, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to missing input validation when processing a URI using the "onenote://" protocol handler. This can be exploited to e.g. place files on a user's system in semi-arbitrary locations or obtain all OneNote Notebooks from the user's system via a specially crafted OneNote URI.
NOTE: According to the vendor, the vulnerability exists in a shared Office component, but can only be exploited on systems with OneNote 2007 installed.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Office OneNote URI Handling Vulnerability
RE: Microsoft Office OneNote URI Handling Vulnerability
18th Apr, 2010 17:49
Score: 2265 Posts: 6,266 User Since: 22nd Apr 2009 System Score: 100% Location: UK
Could it be that Secunia is detecting older files ? Have you got a file path to the insecurity ? Are you using Secunia with the Advanced interface ? If so, clicking on the + sign alongside the program will expand it to reveal further information; Tech. Details etc.. where the file path can be confirmed.
It might also be helpful to supply more info about your set-up....Operating System, browser, so on and so forth. It may help the helper to help you in this instance or at some time in the future. You can add it to your signature in Edit Profile. It will save having to repeat it each time you post. Is RO Rio de Janeiro ?
I see you have been a user since 2007, so you may already be aware of much of the preceding. Nevertheless hope something is of some assistance. Regards,
Was this reply relevant?
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.