MS OneNote Handler Vulnerability (Sep 11, 2008)


Microsoft Office OneNote is a new component of the Microsoft Office Suite. Microsoft Office OneNote is a digital notebook that provides people one place to gather their notes and information, powerful search to find what they are looking for quickly, and easy-to-use shared notebooks so that they can manage information overload and work together more effectively.

Microsoft Office OneNote registers a protocol handler in the Windows registry, named “onenote”, with the format “onenote://”. This handler enables the OneNote executable to be launched from the Microsoft Internet Explorer browser. The onenote handler, however, can trigger a buffer-overrun vulnerability in mso.dll, which can allow malicious executable code to be injected and executed on the target client.
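To see which hosts expose this handler, the following added example (not part of the original advisory) lists every URL protocol handler registered under HKEY_CLASSES_ROOT and flags `onenote`. It assumes the standard Windows convention that a handler key carries a `URL Protocol` value and a `shell\open\command` subkey; the function name `Get-UrlProtocolHandler` is hypothetical.

```powershell
# Audit URL protocol handlers registered on this Windows host.
# A scheme is a URL protocol handler when its HKEY_CLASSES_ROOT key carries a
# "URL Protocol" value; shell\open\command holds the program that gets launched.
function Get-UrlProtocolHandler {
    param(
        # Scheme names to flag for review; 'onenote' is the handler this advisory covers.
        [string[]]$Watch = @('onenote')
    )
    $root = [Microsoft.Win32.Registry]::ClassesRoot
    foreach ($name in $root.GetSubKeyNames()) {
        # Some keys are not readable by the current user; skip them.
        try { $key = $root.OpenSubKey($name) } catch { continue }
        if ($null -eq $key) { continue }
        try {
            # The marker is the presence of the value, even when it is empty.
            if ($key.GetValueNames() -notcontains 'URL Protocol') { continue }
            $command = $null
            $cmdKey = $key.OpenSubKey('shell\open\command')
            if ($cmdKey) {
                $command = $cmdKey.GetValue('')   # default value = command line
                $cmdKey.Close()
            }
            [pscustomobject]@{
                Scheme  = $name
                Command = $command
                Watched = $Watch -contains $name
            }
        } finally {
            $key.Close()
        }
    }
}

# Watched handlers first, then the full inventory for attack-surface review.
Get-UrlProtocolHandler |
    Sort-Object @{Expression = 'Watched'; Descending = $true}, Scheme |
    Format-Table -AutoSize -Wrap
```

A row with `Watched` set to `True` means the `onenote` handler is registered on that host, so its patch status for MS08-055 should be confirmed.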

Microsoft has released advisory MS08-055 to address this vulnerability, which can be found here. In this advisory, the Maximum Security Impact of this vulnerability is scored as CRITICAL. To protect SonicWALL customers from being affected by this vulnerability, the SonicWALL UTM team has developed the following IPS signatures:

  • 3482 MS OneNote URL Validation Error 4 (MS08-055)
  • 3479 MS OneNote URL Validation Error 3 (MS08-055)
  • 3476 MS OneNote URL Validation Error 2 (MS08-055)
  • 3474 MS OneNote URL Validation Error 1 (MS08-055)