Back to list
Evernote for Windows DLL Loading Remote Code Execution Vulnerability
Oct 14 2016 12:28PM
mehta himanshu21 gmail com
Evernote contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'Evernote_220.127.116.112.exe' improperly. And it allows an attacker to load this DLL file of the attacker?s choosing that could execute arbitrary code without the user's knowledge.
Fixed in: Evernote for Windows 6.3
Tested on: Windows 7
Attacker can exploit this vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. This may help attacker to Successful exploit the system if user creates shell as a DLL.
Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Proof of concept/demonstration:
1. Create a malicious 'dwmapi.dll' or 'ntmarta.dll' file and save it in your "Downloads" directory.
2. Download 'Evernote_18.104.22.1682.exe' from and save it in your "Downloads" directory.
3. Execute .exe from your "Downloads" directory.
4. Malicious dll file gets executed.
[ reply ]
Copyright 2010, SecurityFocus