Description
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://evernote.com/intl/zh-cn/security/updates/
Scores
CVSS v3
8.8
EPSS
0.0253
EPSS Percentile
82.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
evernote/evernote
6.17.7
evernote/evernote
6.18 beta2
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026