[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Notepad++6.9.2 DLL Hijacking Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Notepad++6.9.2 DLL Hijacking Vulnerability
- From: mehta.himanshu21@xxxxxxxxx
- Date: Mon, 8 Aug 2016 15:55:12 GMT
Aloha,
Notepad++ contains a DLL hijacking vulnerability that could allow an
unauthenticated, remote attacker to execute arbitrary code on the targeted
system. This vulnerability exists due to some DLL file is loaded by
?npp.6.9.2.Installer.exe? improperly. And it allows an attacker to load this
DLL file of the attacker?s choosing that could execute arbitrary code without
the user's knowledge.
Affected Product:
Notepad++ 6.9.2
Download Link: https://notepad-plus-plus.org/news/notepad-6.9.2-released.html
Impact
Attacker can exploit the vulnerability to load a DLL file of the attacker's
choosing that could execute arbitrary code. This may help attacker to
Successful exploits the system if user creates shell as a DLL.
Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv2 scoring
system (http://www.first.org/cvss/).
Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Technique Details
Prerequisite: The attacker has access to the system;
Attacking procedure: This vulnerability exists due to the way DLL files are
loaded by Notepad++. It allows an attacker to load a DLL file of the attacker?s
choosing that could execute arbitrary code without the user's knowledge. The
specific flaw exists within the handling of some DLL file loading by the
Notepad++ process.
References:
https://packetstormsecurity.com/files/137817/Notepad-6.9.2-DLL-Hijacking.html
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/2086
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f8a24efa9068c30cd732e5e209c5a1b6499d2d31
Vendor fixes available.
Chao,
Himanshu Mehta