CVE-2016-4900

Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory...

Installer of Evernote for Windows may insecurely load Dynamic Link Libraries

Overview The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...