KLA10972
CIA hacking issue in Notepad++
Updated: 06/01/2019
Detect date
?
03/08/2017
Severity
?
Critical
Description

An issue of a hijacked DLL was found in Notepad++. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a sciexer.dll, which is replaced by version of sciexer.dll built by CIA.


Technical details

This vulnerability has been fixed by adding a certificate validation in sciexer.exe before loading it.

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

Affected products

Notepad++ versions earlier than 7.3.3

Solution

Update to the latest version
Download Notepad++

Original advisories

Notepad++ news