CVE-2024-41159
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-41159 is a newly disclosed library injection vulnerability affecting Microsoft OneNote 16.83 for macOS. Maliciously crafted libraries can exploit this issue, bypassing OneNote's access privileges. A malicious application could take advantage of this vulnerability by injecting a library and starting the OneNote program, potentially gaining the permissions of the vulnerable application. This weakness could lead to unauthorized access, privilege escalation, or other malicious activities. Users are advised to update their OneNote software to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Office Onenote
Affected Vendors
- Microsoft