KLA10972
CIA hacking issue in Notepad++

Обновлено: 17/06/2019
Дата обнаружения
08/03/2017
Уровень угрозы
Critical
Описание

An issue of a hijacked DLL was found in Notepad++. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a sciexer.dll, which is replaced by version of sciexer.dll built by CIA.


Technical details

This vulnerability has been fixed by adding a certificate validation in sciexer.exe before loading it.

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

Пораженные продукты

Notepad++ versions earlier than 7.3.3

Решение

Update to the latest version
Download Notepad++

Первичный источник обнаружения
Notepad++ news
Связанные продукты
Notepad++
Узнай статистику распространения уязвимостей в твоем регионе