Notepad++ 6.6.9 Unspecified Buffer Overflow Vulnerability

Medium Nessus Network Monitor Plugin ID 8605


The remote client is utilizing an outdated version of Notepad++, a text editor application.


Notepad++ version 6.6.9 is vulnerable to a potential buffer overflow issue related to handling XML files, which could result in arbitrary code execution; other earlier versions may be vulnerable.


The vendor has not announced a fix for this vulnerability at this time. Because the issue affects the handling of specially crafted XML files, input files can be given extra inspection. Additionally, check for updates regularly to ensure that fixes are applied.

Plugin Details

Severity: Medium

ID: 8605

Family: Generic

Published: 2015/01/06

Modified: 2016/02/05

Dependencies: 5266

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 6.8

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:ND/RC:UC


CVSS v3

Base Score: 5.6

Temporal Score: 4.8


Temporal Vector: CVSS3#E:P/RL:X/RC:U

Vulnerability Information

CPE: cpe:/a:don_ho:notepad%2b%2b:6.6.9

Patch Publication Date: 2014/12/23

Vulnerability Publication Date: 2014/12/22

Reference Information

CVE: CVE-2014-9456

BID: 71806