KLA11062
Arbitrary code execution vulnerability in Notepad++
Обновлено: 26/06/2019
Дата обнаружения
05/07/2017
Уровень угрозы
High
Описание

An unspecified vulnerability was found in Notepad++ 7.3.3 with Hex Editor Plugin v0.9.5. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed file or an untrusted specially designed file from a remote location and issuing several user-defined commands.


Technical details

This vulnerability exists because of a «Data from Faulting Address controls Code Flow» issue.

NB: This vulnerability doesn’t have any public CVSS rating so rating can be changed by the time.

Пораженные продукты

Notepad++ version 7.3.3

Решение

Update to the latest version
Download Notepad++

Первичный источник обнаружения
wlinzi on Github
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Notepad++
CVE-IDS