writeups.xyz / Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution

Submitter : c2a

Date: 10 July 2024

Bounty : undisclosed

Vulnerabilities :

• RCE
• XSS
• Electron
• Thick Client

Programs :

• Evernote

Authors :

• Patrick Peng (@Retr0reg)

Link :
https://0reg.dev/blog/evernote-rce