JSON View XML View

Key Value
MTID M113465
Title (MS16-099) Microsoft OneNote Information Disclosure II (3177451)
Description A vulnerability in some versions of Microsoft OneNote could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft OneNote could lead to information disclosure.

The flaw occurs when Microsoft Outlook and Microsoft OneNote improperly disclose their memory contents. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-099

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-107
- Microsoft Office 2010 32-Bit Edition: KB3118309
- Microsoft Office 2010 64-Bit Edition: KB3118309
- Microsoft Office 2013 32-Bit Edition: KB3118268
- Microsoft Office 2013 64-Bit Edition: KB3118268
- Microsoft Office 2016 32-Bit Edition: KB3118292
- Microsoft Office 2016 64-Bit Edition: KB3118292
- Microsoft Office Outlook 2007: KB3118303
- Microsoft Outlook 2010 32-Bit Edition: KB3118313
- Microsoft Outlook 2010 64-Bit Edition: KB3118313
- Microsoft Outlook 2013 32-Bit Edition: KB3118280
- Microsoft Outlook 2013 64-Bit Edition: KB3118280
- Microsoft Outlook 2016 32-Bit Edition: KB3118293
- Microsoft Outlook 2016 64-Bit Edition: KB3118293

The patches for the following products are superseded by patches provided in: MS16-133
- Microsoft Office 2010 32-Bit Edition: KB3127951
- Microsoft Office 2010 64-Bit Edition: KB3127951
- Microsoft Word 2010 32-Bit Edition: KB3127953
- Microsoft Word 2010 64-Bit Edition: KB3127953
- Microsoft Word 2013 32-Bit Edition: KB3127932
- Microsoft Word 2013 64-Bit Edition: KB3127932

The patches for the following products are superseded by patches provided in: MS16-121
- Microsoft Word 2016 32-Bit Edition: KB3118331
- Microsoft Word 2016 64-Bit Edition: KB3118331

https://technet.microsoft.com/library/security/MS16-107
https://technet.microsoft.com/library/security/MS16-133
https://technet.microsoft.com/library/security/MS16-121

Vendor Microsoft
Attack Vector Maliciously Crafted File
Importance 5
Impact 2.8627500
Threat Score 4.3
Labels
Patch Tuesday
References
CVECVE-2016-3315
MSFTBulletinMS16-099
MSFTQNumber3177451
DISA IAVA2016-A-0203
MTIDM113465
CPEs
cpe:/a:microsoft:onenote:2007:sp3
cpe:/a:microsoft:office_onenote:2016_x86
cpe:/a:microsoft:office_onenote:2016_x64
cpe:/a:microsoft:onenote:2010:sp2
cpe:/a:microsoft:onenote:2010:sp2:x64
cpe:/a:microsoft:onenote:2013:sp1
cpe:/a:microsoft:onenote:2013:sp1:x64
cpe:/a:microsoft:onenote:2013:rt:sp1
Created At 2016-08-09 00:00:00 UTC
Updated At 2016-11-19 10:31:00 UTC

Back