Product: Microsoft OneNote
16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-26133
< 16.0.19725.20142
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
7.1
HIGH
CVE-2025-29822
all versions
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature loca
7.8
HIGH
CVE-2025-21402
all versions
Microsoft Office OneNote Remote Code Execution Vulnerability
7.8
HIGH
CVE-2024-41159
all versions
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's
7.1
HIGH
CVE-2023-36769
all versions
Microsoft OneNote Spoofing Vulnerability
4.6
MEDIUM
CVE-2023-33140
all versions
Microsoft OneNote Spoofing Vulnerability
6.5
MEDIUM
CVE-2023-21721
< 16.0.16026.20158
Microsoft OneNote Elevation of Privilege Vulnerability
6.5
MEDIUM
CVE-2017-8509
all versions
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka
8.8
HIGH
CVE-2017-0197
all versions
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document,
7.8
HIGH
CVE-2016-3315
all versions
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive inf
5.5
MEDIUM
CVE-2015-2503
all versions
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2
CVE-2014-2815
all versions
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of
8.8
HIGH
CVE-2008-3068
all versions
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Rev
CVE-2007-0671
all versions
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote u
8.8
HIGH
CVE-2006-3877
all versions
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X fo
CVE-2004-0200
all versions
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, all
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin