This page lists publicly disclosed CVE vulnerabilities affecting microsoft onenote (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-26133 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | [email protected] | 7.1 | 0.05% | 2026-03-16 | 2026-04-09 |
| CVE-2025-29822 | Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. | [email protected] | 7.8 | 0.98% | 2025-04-08 | 2025-07-08 |
| CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability | [email protected] | 7.8 | 0.52% | 2025-01-14 | 2026-05-19 |
| CVE-2024-41159 | A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | [email protected] | 7.1 | 0.01% | 2024-12-18 | 2025-08-25 |
| CVE-2023-36769 | Microsoft OneNote Spoofing Vulnerability | [email protected] | 4.6 | 0.10% | 2023-11-06 | 2025-02-28 |
| CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | [email protected] | 6.5 | 5.53% | 2023-06-14 | 2025-04-10 |
| CVE-2023-21721 | Microsoft OneNote Elevation of Privilege Vulnerability | [email protected] | 6.5 | 6.12% | 2023-02-14 | 2024-11-21 |
| CVE-2017-8509 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. | [email protected] | 8.8 | 5.63% | 2017-06-15 | 2026-05-13 |
| CVE-2017-0197 | Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." | [email protected] | 7.8 | 27.81% | 2017-04-12 | 2026-05-13 |
| CVE-2016-3315 | Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability." | [email protected] | 5.5 | 34.66% | 2016-08-09 | 2026-05-06 |
| CVE-2015-2503 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 20 | [email protected] | 9.3 | 15.49% | 2015-11-11 | 2026-05-06 |
| CVE-2014-2815 | Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability." | [email protected] | 8.8 | 13.85% | 2014-08-12 | 2026-05-06 |
| CVE-2008-3068 | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | [email protected] | 7.5 | 12.63% | 2008-07-07 | 2026-04-23 |
| CVE-2007-0671 KEV | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | [email protected] | 8.8 | 52.33% | 2007-02-03 | 2026-04-22 |
| CVE-2006-3877 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | [email protected] | 9.3 | 38.81% | 2006-10-10 | 2026-04-23 |
| CVE-2004-0200 | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. | [email protected] | 9.3 | 74.51% | 2004-09-28 | 2026-04-16 |