High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2014-2815
High
Low
Medium
High
Critical
8.8
CVSS Score
Vulnerability Description
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
onenote
Version:
2007
CPE:
cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspxsecure@microsoft.com Patch Vendor Advisory
-
http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.htmlsecure@microsoft.com Third Party Advisory VDB Entry
-
http://secunia.com/advisories/60672secure@microsoft.com Not Applicable
-
http://www.securityfocus.com/bid/69098secure@microsoft.com Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1030717secure@microsoft.com Third Party Advisory VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048secure@microsoft.com Patch Vendor Advisory
-
http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspxaf854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
-
http://packetstormsecurity.com/files/164419/Microsoft-Office-OneNote-2007-Remote-Code-Execution.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://secunia.com/advisories/60672af854a3a-2127-422b-91ae-364da2661108 Not Applicable
-
http://www.securityfocus.com/bid/69098af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1030717af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-048af854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
Severity Details
8.8
out of 10.0
High
Key Information
- Published Date
- August 12, 2014
