Intrusion Prevention

Evernote.Embedded.Link.Directory.Traversal

Description

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Evernote for Mac.
A remote attacker could exploit this vulnerability by enticing a user into importing a maliciously crafted ENEX file and clicking on an embedded link. Successful exploitation could result in execution of an arbitrary program under the security context of the application.

Affected Products

Evernote for Mac 7.x prior to 7.9.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://evernote.com/security/updates

CVE References

CVE-2019-10038