A serious cross-site scripting (XSS) vulnerability discovered in the Evernote application for Windows can be exploited to steal files and execute arbitrary commands.
http://feedproxy.google.com/~r/Securityweek/~3/QlWUlQHDjS0/evernote-flaw-allows-hackers-steal-files-execute-commands