Notepad++ 6.6.9 Unspecified Buffer Overflow Vulnerability

Medium Nessus Network Monitor Plugin ID 8605

Synopsis

The remote client is utilizing an outdated version of Notepad++, a text editor application.

Description

Notepad++ version 6.6.9 is vulnerable to a potential buffer overflow in its handling of XML files, which could result in arbitrary code execution. Earlier versions may also be vulnerable.

Solution

There is no word from the vendor regarding a fix for this vulnerability at this time. However, the issue affects the handling of specially crafted XML files, so input files can be given extra inspection. Additionally, check for updates regularly to ensure that fixes are applied.

See Also

http://downloads.securityfocus.com/vulnerabilities/exploits/71806.py

Plugin Details

Severity: Medium

ID: 8605

Family: Generic

Published: 2015/01/06

Modified: 2016/02/05

Dependencies: 5266

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:ND/RC:UC

CVSSv3

Base Score: 5.6

Temporal Score: 4.8

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:P/RL:X/RC:U

Vulnerability Information

CPE: cpe:/a:don_ho:notepad%2b%2b:6.6.9

Patch Publication Date: 2014/12/23

Vulnerability Publication Date: 2014/12/22

Reference Information

CVE: CVE-2014-9456

BID: 71806