CVE-2023-36769: Microsoft OneNote Spoofing Vulnerability

Overview

Severity: Medium (CVSS 4.6)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
Category: Spoofing
Exploit Status: Not Exploited
Patch Tuesday: 2023-Aug
Released: 2023-08-15
EPSS Score: 0.10% (percentile: 28.3%)

Affected Products (9)

Microsoft Office

  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft OneNote 2016 (32-bit edition)
  • Microsoft OneNote 2016 (64-bit edition)
  • Microsoft OneNote 2013 Service Pack 1 (32-bit editions)
  • Microsoft OneNote 2013 Service Pack 1 (64-bit editions)
  • Microsoft OneNote 2013 RT Service Pack 1

Security Updates (4)

Acknowledgments

João Domingos (@_r0ny), https://twitter.com/_r0ny

Revision History

  • 2023-08-15: Information published. This CVE was addressed by updates that were released in August 2023, but the CVE was inadvertently omitted from the August 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of OneNote install the updates to be protected from this vulnerability.