Code execution - Evernote

Summary: A local file path traversal issue exists in Evernote 7.9 for macOS which allows an attacker to execute arbitrary programs. Technical observation: A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like (../../../../something.app). Since Evernote also has a feature of sharing notes, in such a case an attacker...

Read More