ID CVE-2014-2815
Summary Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-12-2021 - 20:35)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS14-048
bulletin_url
date 2014-08-12T00:00:00
impact Remote Code Execution
knowledgebase_id 2977201
knowledgebase_url
severity Important
title Vulnerability in OneNote Could Allow Remote Code Execution
refmap via4
bid 69098
confirm http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx
sectrack 1030717
secunia 60672
Last major update 16-12-2021 - 20:35
Published 12-08-2014 - 21:55
Last modified 16-12-2021 - 20:35
Back to Top