Forum Thread: Microsoft Office OneNote URI Handling Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Microsoft Office OneNote URI Handling Vulnerability

Secunia Microsoft Office OneNote URI Handling Vulnerability
Secunia Official 18th Apr, 2010 16:15
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been reported in Microsoft Office OneNote, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to missing input validation when processing a URI using the "onenote://" protocol handler. This can be exploited to e.g. place files on a user's system in semi-arbitrary locations or obtain all OneNote Notebooks from the user's system via a specially crafted OneNote URI.

NOTE: According to the vendor, the vulnerability exists in a shared Office component, but can only be exploited on systems with OneNote 2007 installed.

DalilaSoft

RE: Microsoft Office OneNote URI Handling Vulnerability
[+]
This reply has been deleted

mogs

RE: Microsoft Office OneNote URI Handling Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.