CVE-2020-17759

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.

Summary:

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.

Reference Links(if available):

  • https://evernote.com/intl/zh-cn/security/updates/
  • CVSS Score (if available)

    v2: / HIGHAV:N/AC:M/Au:N/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Links to Exploits(if available)