
[FD] Evernote for Windows DLL Loading Remote Code Execution


Evernote contains a DLL hijacking vulnerability that could allow an
unauthenticated, remote attacker to execute arbitrary code on the targeted
system. The vulnerability exists because a DLL file is loaded improperly by
'Evernote_6.1.2.2292.exe'. This allows an attacker to have the program load
a DLL file of the attacker's choosing, which could execute arbitrary code
without the user's knowledge.

Affected Product:

Fixed in: Evernote for Windows 6.3 (WINNOTE-15637)

Tested on: Windows 7

An attacker can exploit this vulnerability to load a DLL file of the
attacker's choosing that could execute arbitrary code. This may help an
attacker to successfully exploit the system if the user creates a shell as
a DLL.

Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv2
scoring system (http://www.first.org/cvss/).
Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Proof of concept/demonstration:

1. Create a malicious 'dwmapi.dll' or 'ntmarta.dll' file and save it in
your "Downloads" directory.

2. Download 'Evernote_6.1.2.2292.exe' from and save it in your "Downloads"

3. Execute the .exe from your "Downloads" directory.

4. The malicious DLL file gets executed.

Himanshu Mehta

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/
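
A triage check for the condition described above, as an added example that
is not part of the original advisory: it lists DLLs in a user-writable
folder whose names collide with DLLs in the system directory. The function
names and the demo directory layout are assumptions made for illustration.

```python
"""Flag DLLs in a user-writable folder that shadow system DLL names."""
import os
import sys
import tempfile
from pathlib import Path


def find_shadowing_dlls(app_dir, system_dir):
    """Return sorted names of DLLs in app_dir that also exist in system_dir.

    Windows searches the directory of the running executable before System32
    for DLLs that are not on the KnownDLLs list, so a same-named file beside
    a downloaded installer is loaded in place of the system copy.
    Names are compared case-insensitively, as Windows does.
    """
    system_names = {p.name.lower() for p in Path(system_dir).iterdir()
                    if p.is_file() and p.suffix.lower() == ".dll"}
    hits = [p.name for p in Path(app_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"
            and p.name.lower() in system_names]
    return sorted(hits, key=str.lower)


def demo():
    """Run the check on constructed directories (sample data, empty files)."""
    with tempfile.TemporaryDirectory() as root:
        downloads = Path(root, "Downloads")
        system32 = Path(root, "System32")
        downloads.mkdir()
        system32.mkdir()
        for name in ("dwmapi.dll", "ntmarta.dll", "kernel32.dll"):
            Path(system32, name).write_bytes(b"")
        # Constructed Downloads content: installer, two colliding names, one benign
        for name in ("Evernote_6.1.2.2292.exe", "DWMAPI.DLL",
                     "ntmarta.dll", "vendor_plugin.dll"):
            Path(downloads, name).write_bytes(b"")
        return find_shadowing_dlls(downloads, system32)


if __name__ == "__main__":
    # On a Windows host, pass the folder to check, e.g. the Downloads directory.
    if len(sys.argv) > 1:
        system32 = Path(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
        result = find_shadowing_dlls(sys.argv[1], system32)
    else:
        result = demo()
    for name in result:
        print("shadows a system DLL name:", name)
```

A hit is a lead for review, not proof of compromise: some applications
legitimately ship DLLs with system names inside their own install folders.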