This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2008-09-10
Product Office Onenote Last view 2008-09-10
Version 2010 Type
Update sp1  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:office_onenote:2007:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:office_onenote:2007:gold:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
9.3 2008-09-10 CVE-2008-3007

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:5970 Uniform Resource Locator Validation Error Vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
47964 Microsoft Office OneNote Protocol Handler (onenote://) URI Handling Arbitrary...

OpenVAS Exploits

id Description
2008-09-10 Name : Microsoft Office Remote Code Execution Vulnerabilities (955047)
File : nvt/secpod_ms08-055_900046.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2008-B-0058 Microsoft Office Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0017345

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office OneNote iframe caller exploit attempt
RuleID : 14262 - Type : FILE-OFFICE - Revision : 16

Nessus® Vulnerability Scanner

id Description
2008-09-10 Name: Arbitrary code can be executed on the remote host through Microsoft Office.
File: smb_nt_ms08-055.nasl - Type: ACT_GATHER_INFO