PT-2024-1677 · Evernote · Evernote For Macos
Giovannipajeu1
·
Published
2024-01-08
·
Updated
2024-02-16
·
CVE-2023-50643
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Evernote for MacOS version 10.68.2
Description
An issue in Evernote for MacOS allows a remote attacker to execute arbitrary code via the
RunAsNode and enableNodeClilnspectArguments components. This is related to a buffer overflow in memory. The exploitation of this issue can allow a remote attacker to execute arbitrary code.Recommendations
For Evernote for MacOS version 10.68.2, upgrade to the latest version (10.72.2) as soon as possible. As a temporary workaround, consider disabling the
RunAsNode and enableNodeClilnspectArguments components until a patch is applied. Restrict access to these components to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evernote For Macos