<< Back
CVE Number Vulnerability Product Severity Date
MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201) Microsoft OneNote Important 13-08-2014

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft OneNote.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Microsoft OneNote parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Further information on this exploit is available at : MS14-048

Affected Software

Microsoft OneNote 2007 Service Pack 3