Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
Related posts