Evernote < 5.8.1 ActiveX Control Arbitrary File Overwrite
Severity: High
Nessus Plugin ID: 85448

Synopsis: The remote Windows host has an ActiveX control installed that is affected by a file overwrite vulnerability.

Description: The version of Evernote installed on the remote Windows host is prior to 5.8.1. It is, therefore, affected by an arbitrary file overwrite vulnerability in the EvernoteIE.dll ActiveX control due to using the writeFileContent(), LoadFile(), and ReadFileContent() methods in an insecure manner. A remote, unauthenticated attacker can exploit this by tricking a user into opening a specially crafted web page, allowing the attacker to read and overwrite arbitrary files.

Solution: Upgrade to Evernote 5.8.1 or later. Alternatively, disable the ActiveX control.