How many vulnerabilities affect onenote?

onenote has 4 known vulnerabilities, including 3 critical and 1 high severity issues.

Who develops onenote?

onenote is developed by microsoft.

CVEDNA

Name: onenote
Rating: 8.2 (4 reviews)
Author: microsoft

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Affected versions: - 16.0.16026.20158

Published: Mar 16, 2026

7.1

CVSS

CVE-2025-29822

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally....

Affected versions: - 2016

Published: Apr 8, 2025

7.8

CVSS

CVE-2025-21402

Microsoft Office OneNote Remote Code Execution Vulnerability...

Affected versions: -

Published: Jan 14, 2025

7.8

CVSS

CVE-2024-41159

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious applica...

Affected versions: 16.83

Published: Dec 18, 2024

7.1

CVSS

CVE-2017-8509

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique f...

Affected versions: 2010

Published: Jun 15, 2017

9.3

CVSS

CVE-2017-0197

Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."...

Affected versions: 2007 2010

Published: Apr 12, 2017

9.3

CVSS

CVE-2016-3315

Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Informatio...

Affected versions: 2007 2010 2013 2016

Published: Aug 9, 2016

4.3

CVSS

CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3...

Affected versions: 2007 2010 2013 2016

Published: Nov 11, 2015

9.3

CVSS

CVE-2014-2815

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execu...

Affected versions: 2007

Published: Aug 12, 2014

8.8

CVSS

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate...

Affected versions: 2003

Published: Jul 7, 2008

7.5

CVSS

CVE-2007-0671 KEV

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack ve...

Affected versions: 2003

Published: Feb 3, 2007

8.8

CVSS

CVE-2006-3877

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an ...

Affected versions: 2003

Published: Oct 10, 2006

9.3

CVSS

CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a...

Affected versions: 2003

Published: Sep 28, 2004

9.3

CVSS

CVE Vulnerabilities

Posts & Pages

onenote

Recent CVEs