Evernote 7.9 Path Traversal / Code Execution

2019.04.19
Credit: Mishra Dhiraj
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 4.4/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Code execution via path traversal # Date: 17-04-2019 # Exploit Author: Dhiraj Mishra # Vendor Homepage: http://evernote.com/ # Software Link: https://evernote.com/download # Version: 7.9 # Tested on: macOS Mojave v10.14.4 # CVE: CVE-2019-10038 # References: # https://nvd.nist.gov/vuln/detail/CVE-2019-10038 # https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html Summary: A local file path traversal issue exists in Evernote 7.9 for macOS which allows an attacker to execute arbitrary programs. Technical observation: A crafted URI can be used in a note to perform this attack using file:/// has an argument or by traversing to any directory like (../../../../something.app). Since, Evernote also has a feature of sharing notes, in such case attacker could leverage this vulnerability and send crafted notes (.enex) to the victim to perform any further attack. Patch: The patch for this issue is released in Evernote 7.10 Beta 1 for macOS [MACOSNOTE-28840]. Also, the issue is tracked by CVE-2019-10038.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top