exploitDog

CVE-2019-17051

Опубликовано: 30 сент. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

Ссылки

https://evernote.com/security/updates#MACOSNOTE-28956
Vendor Advisory
https://www.youtube.com/watch?v=OG2tKlZX5bg
Exploit
Third Party Advisory
https://evernote.com/security/updates#MACOSNOTE-28956
Vendor Advisory
https://www.youtube.com/watch?v=OG2tKlZX5bg
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:evernote:evernote:*:*:*:*:*:macos:*:*

Версия до 7.13 (исключая)

EPSS

Процентиль: 59%

0.0039

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-rgvr-8fj2-9g73

github

больше 3 лет назад

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

EPSS

Процентиль: 59%

0.0039

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-732