Vulnerability Details CVE-2016-4900
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000206
- http://www.securityfocus.com/bid/93572
- https://evernote.com/security/updates/#win
- https://jvn.jp/en/jp/JVN03251132/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000206
- http://www.securityfocus.com/bid/93572
- https://evernote.com/security/updates/#win
- https://jvn.jp/en/jp/JVN03251132/index.html
Products affected by CVE-2016-4900
-
cpe:2.3:a:evernote:evernote:5.8.11
-
cpe:2.3:a:evernote:evernote:5.8.4
-
cpe:2.3:a:evernote:evernote:5.9.5
-
cpe:2.3:a:evernote:evernote:6.1.2
-
cpe:2.3:a:evernote:evernote:6.2.1