CVE-2024-41159

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 18, 2024
CWE ID 347

Summary

CVE-2024-41159 is a newly disclosed library injection vulnerability affecting Microsoft OneNote 16.83 for macOS. Maliciously crafted libraries can exploit this issue, bypassing OneNote's access privileges. A malicious application could take advantage of this vulnerability by injecting a library and starting the OneNote program, potentially gaining the permissions of the vulnerable application. This weakness could lead to unauthorized access, privilege escalation, or other malicious activities. Users are advised to update their OneNote software to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Office Onenote

Affected Vendors

  • Microsoft