Eduardo Prado

**Name of the Vulnerable Software and Affected Versions** Microsoft OneNote 2007 SP3 **Description** A remote code execution issue exists in Microsoft OneNote, related to the processing of specially crafted files. This allows an attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could gain complete control over the system, enabling them to install programs, view, change, or delete data, and create new accounts with full user rights. Users with limited system rights are less affected than those operating with administrative rights. **Recommendations** For Microsoft OneNote 2007 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.