Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.
advisories | CVE-2014-2815
Related posts:
Barracuda Urges Immediate Replacement of Hacked ESG Appliances
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
How to Secure Web Applications in a Growing Digital Attack Surface
Hackers steal Windows NTLM authentication hashes in phishing attacks
Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks