An information disclosure vulnerability exists when Microsoft One Note improperly discloses its memory contents.
For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table.
However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table.
To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
The following severity ratings assume the potential maximum impact of the vulnerability.
In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.
Published: August 9, 2016 | Updated: August 22, 2016 Version: 2.0 This security update resolves vulnerabilities in Microsoft Office.
The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-3316.