MS14-048: Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
High Nessus Plugin ID 77166
SynopsisThe remote host contains an application that is affected by a remote code execution vulnerability.
DescriptionThe remote host is running a version of Microsoft OneNote that is affected by a remote code execution vulnerability. By convincing a user to open a specially crafted OneNote file, a remote attacker can create an executable file in a Startup folder and thereby execute arbitrary code with current user rights.
SolutionMicrosoft has released a set of patches for OneNote 2007 SP3.