Microsoft Office OneNote 2007 Remote Code Execution

Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.

MD5 | 66b82cd487db6f570ee8d45f756cf2ca

Related Posts