Evernote 路径遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1575097 漏洞类型 路径遍历
发布时间 2019-04-19 更新时间 2019-06-12
CVE编号 CVE-2019-10038 CNNVD-ID CNNVD-201904-933
漏洞平台 N/A CVSS评分 N/A
Evernote(印象笔记)是美国Evernote公司的一套macOS平台的笔记软件。该软件可随时随地创建、管理、同步、搜索和共享笔记。 Evernote 4.9版本(macOS)中存在路径遍历漏洞,该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
# Exploit Title: Code execution via path traversal
# Date: 17-04-2019
# Exploit Author: Dhiraj Mishra
# Vendor Homepage: http://evernote.com/
# Software Link: https://evernote.com/download
# Version: 7.9
# Tested on: macOS Mojave v10.14.4
# CVE: CVE-2019-10038
# References:
# https://nvd.nist.gov/vuln/detail/CVE-2019-10038
# https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html

A local file path traversal issue exists in Evernote 7.9 for macOS which
allows an attacker to execute arbitrary programs.

Technical observation:
A crafted URI can be used in a note to perform this attack using file:///
has an argument or by traversing to any directory like

Since, Evernote also has a feature of sharing notes, in such case attacker
could leverage this vulnerability and send crafted notes (.enex) to the
victim to perform any further attack.

The patch for this issue is released in Evernote 7.10 Beta 1 for macOS
[MACOSNOTE-28840]. Also, the issue is tracked by CVE-2019-10038.