vendor:
Notepad++
by:
Sun Junwen
7,5
CVSS
HIGH
Stack Buffer Overflow
120
CWE
Product Name: Notepad++
Affected Version From: Notepad ++ 6.3.2 with Notepad# plugin (1.5) and Explorer plugin (1.8.2)
Affected Version To: Notepad ++ 6.3.2 with Notepad# plugin (1.5) and Explorer plugin (1.8.2)
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 EN
2013
Notepad++ – Notepad# plugin local exploit
With Notepad# plugin (1.5) and Explorer plugin (1.8.2) installed in Notepad ++ 6.3.2, open the html file in attachement, click Enter in the last </script> tag, Npp will crash and calc.exe will open. Without Explorer plugin, these still can be exploit. Explorer plugin makes this easier. NotepadSharp plugin has several stack buffer overflow bug. In its PluginDefinition.cpp file, there are some char buffer whose length are 9999. They are all defined on stack. So if some strcpy/memcpy copy more than 9999 chars to these buffers, it leads to a stack overflow.
Mitigation:
Upgrade to the latest version of Notepad++ and Notepad# plugin.
