Primary

Context

Microsoft One Search Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Microsoft One Search version 1.1.0.0. This vulnerability allows local attackers to crash the application by sending excessively long input strings to the search feature. By pasting a buffer of 950 or more characters into the search bar, attackers can trigger an unhandled exception that causes the application to crash.

Impact

Exploitation of this vulnerability leads to a crash of the Microsoft One Search application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, paste a string of 950 or more characters into the search bar of Microsoft One Search version 1.1.0.0. After clicking the search button, the application will crash due to an unhandled exception caused by the excessive input length.

Added: Apr 4, 2026, 2:23 PM

Updated: Apr 4, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.6

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.6

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft One Search Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating