Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.
advisories | CVE-2014-2815
Related posts:
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Microsoft: Exchange Server 2013 reaches end of support in 9 months
More Than 1,000 New Cybersecurity Apprentices Joined Workforce in Past 12 Months
What we know about Joe Biden's private office where classified documents were found
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait