This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control installed that is
affected by a file overwrite vulnerability.
The version of Evernote installed on the remote Windows host is prior
to 5.8.1. It is, therefore, affected by an arbitrary file overwrite
vulnerability in the EvernoteIE.dll ActiveX control due to using the
writeFileContent(), LoadFile(), and ReadFileContent() methods in an
insecure manner. A remote, unauthenticated attacker can exploit this
by tricking a user into opening a specially crafted web page, allowing
the attacker to read and overwrite arbitrary files.
See also :
Upgrade to Evernote 5.8.1 or later. Alternatively, disable the ActiveX
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now