CVE-2014-2815
HIGHMicrosoft OneNote 2007 SP3 - Remote Code Execution via Crafted OneNote File
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-2815. PoCs published by Edubr2020.
AI-analyzed exploit summary This repository describes a directory traversal vulnerability in Microsoft Office OneNote 2007 (CVE-2014-2815) that allows arbitrary file extraction via crafted .ONEPKG files. The PoC explains how to exploit this to achieve arbitrary code execution by placing malicious files in system directories or startup folders.
Description
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
Exploits (1)
This repository describes a directory traversal vulnerability in Microsoft Office OneNote 2007 (CVE-2014-2815) that allows arbitrary file extraction via crafted .ONEPKG files. The PoC explains how to exploit this to achieve arbitrary code execution by placing malicious files in system directories or startup folders.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H