MS13-025 Vulnerability in Microsoft OneNote Could Allow Information Disclosure
2013-03-12 This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Buffer Size Validation Vulnerability
- An information disclosure vulnerability exists in the way that Microsoft OneNote allocates memory from parsing a specially crafted OneNote (.ONE) file.
CVE-2013-0086
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
Max CVSS
5.0
EPSS Score
4.61%
Published
2013-03-13
Updated
2018-10-12