Arbitrary Command Execution Vulnerability in Evernote Client for Windows (WINNOTE-19941)

Arbitrary Command Execution Vulnerability in Evernote Client for Windows (WINNOTE-19941)

CVE-2020-17759 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.

Learn more about our User Device Pen Test.