A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted URLs using the OneNote protocol handler (onenote://). The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. The risk is MEDIUM. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More...