Programmer's Notepad ctags Processing Buffer Overflow

high Nessus Plugin ID 31410

Synopsis

The remote Windows host contains an application that is affected by a buffer overflow vulnerability.

Description

Programmer's Notepad, an open source text editor for coders, is installed on the remote host.

The version of Programmer's Notepad installed on the remote host contains a buffer overflow that can be triggered when parsing ctags output. If an attacker can trick a user on the remote host to open a specially crafted file and use the 'Jump To' dialog, this issue could be leveraged to execute arbitrary code subject to the privileges of the current user.

Solution

Upgrade to Programmer's Notepad version 2.0.8.718 or later.

See Also

http://www.nessus.org/u?d6a35cc0

Plugin Details

Severity: High

ID: 31410

File Name: pnotepad_ctags_overflow.nasl

Version: 1.17

Type: local

Agent: windows

Family: Windows

Published: 3/10/2008

Updated: 7/26/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:pnotepad:programmers_notepad

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-1210

BID: 28119

CWE: 119

Secunia: 29233