CVE-2014-2815

3 documents3 sources

Severity

8.8HIGH

EPSS

19.6%

top 4.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Onenote

Timeline

PublishedAug 12

Latest updateMay 13

Description

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/onenote2007

Patches

Patch: blogs.technet.com ↗Patch: docs.microsoft.com ↗Patch: blogs.technet.com ↗

🔴Vulnerability Details

GHSA

GHSA-g2mq-x5px-cf79: Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file i↗2022-05-13

▶

CVEList

CVE-2014-2815: Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file i↗2014-08-12

▶