Microsoft Office OneNote 2007 Remote Code Execution

Discussion in 'News Aggregator' started by Packet Storm, 6 Oct 2021.

  1. Packet Storm

    Packet Storm Guest

    Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.

    Continue reading...
     

Share This Page

Loading...