KLA11062
Arbitrary code execution vulnerability in Notepad++
Updated: 06/26/2019
Detect date
?
07/05/2017
Severity
?
High
Description

An unspecified vulnerability was found in Notepad++ 7.3.3 with Hex Editor Plugin v0.9.5. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed file or an untrusted specially designed file from a remote location and issuing several user-defined commands.


Technical details

This vulnerability exists because of a “Data from Faulting Address controls Code Flow” issue.

NB: This vulnerability doesn’t have any public CVSS rating so rating can be changed by the time.

Affected products

Notepad++ version 7.3.3

Solution

Update to the latest version
Download Notepad++

Original advisories

wlinzi on Github

Impacts
?
ACE 
[?]
CVE-IDS
?