Description
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
Exploits (1)
References (3)
Core 3
Core References
Broken Link x_refsource_misc
https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing
Vendor Advisory x_refsource_misc
https://evernote.com/security/updates
Third Party Advisory x_refsource_misc
https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html
Scores
CVSS v3
7.8
EPSS
0.0125
EPSS Percentile
79.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
evernote/evernote
7.9
Published
May 31, 2019
Tracked Since
Feb 18, 2026