CVE-2014-2815

HIGH

Microsoft OneNote 2007 SP3 - Remote Code Execution via Crafted OneNote File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2815. PoCs published by Edubr2020.

AI-analyzed exploit summary This repository describes a directory traversal vulnerability in Microsoft Office OneNote 2007 (CVE-2014-2815) that allows arbitrary file extraction via crafted .ONEPKG files. The PoC explains how to exploit this to achieve arbitrary code execution by placing malicious files in system directories or startup folders.

Description

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

Exploits (1)

nomisec WRITEUP 3 stars
by Edubr2020 · poc
https://github.com/Edubr2020/CABTrap_OneNote2007

This repository describes a directory traversal vulnerability in Microsoft Office OneNote 2007 (CVE-2014-2815) that allows arbitrary file extraction via crafted .ONEPKG files. The PoC explains how to exploit this to achieve arbitrary code execution by placing malicious files in system directories or startup folders.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Office OneNote 2007 SP3
No auth needed
Prerequisites: Vulnerable version of Microsoft Office OneNote 2007 · Ability to deliver a crafted .ONEPKG file to the target
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030717
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60672
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69098

Scores

CVSS v3 8.8
EPSS 0.4378
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
microsoft/onenote 2007 sp3
Published Aug 12, 2014
Tracked Since Feb 18, 2026