Microsoft OneNote File Processing Remote Code Execution Vulnerabilities

Summary

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka ‘OneNote Remote Code Execution Vulnerability.’

Credit:

Details

Vulnerable Systems:
 * Microsoft OneNote 2007 SP3

Microsoft OneNote is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

CVE Information:
CVE-2014-2815

Disclosure Timeline:
Original release date: 08/12/2014
Last revised: 08/22/2014

Categories: Windows