MS13-025  Vulnerability in Microsoft OneNote Could Allow Information Disclosure

2013-03-12 This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.
Vulnerabilities addressed in this bulletin:
Buffer Size Validation Vulnerability
An information disclosure vulnerability exists in the way that Microsoft OneNote allocates memory from parsing a specially crafted OneNote (.ONE) file.
CVE-2013-0086

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2013-0086

Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
Max CVSS
5.0
EPSS Score
4.61%
Published
2013-03-13
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close