CVE-2014-2815

Published: 12/08/2014 | Updated: 16/12/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft OneNote 2007 SP3 allows remote malicious users to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

Vulnerable Product

microsoft onenote 2007

Github Repositories

CABTrap_OneNote2007: Microsoft Office Onenote 2007 (CVE-2014-2815) ".ONEPKG" File Directory Traversal Vulnerability Leads to Arbitrary Code Execution

OneNote 2007 is prone to a vulnerability that causes the program to extract files

Recent Articles

August Update Tuesday – OneNote’s First RCE, IE Memory Corruption
Securelist • Kurt Baumgartner • 12 Aug 2014

The second Tuesday of the month is here along with Microsoft’s August security updates, and with it brings interesting updates of OneNote and Internet Explorer. The full list is nine security bulletins long. OneNote has been a part of Microsoft’s drive into mobile and cloud technologies, away from traditional Wintel computing, providing Office-integrated note-taking multi-user collaborative functionality across tablets and mobile devices. I noticed a bunch of Blackhat attendees using this...