Notepad++ 6.6.9 Unspecified Buffer Overflow Vulnerability

medium Nessus Network Monitor Plugin ID 8605

Synopsis

The remote client is utilizing an outdated version of Notepad++, a text editor application.

Description

Notepad++ version 6.6.9 is vulnerable to a potential buffer overflow in its handling of XML files, which could result in arbitrary code execution. Earlier versions may also be vulnerable.

Solution

There is no word from the vendor regarding a fix for this vulnerability at this time. However, because the issue affects the handling of specially crafted XML files, extra inspection of input files can be applied. Additionally, check for updates regularly to ensure that fixes are applied.

See Also

http://downloads.securityfocus.com/vulnerabilities/exploits/71806.py

Plugin Details

Severity: Medium

ID: 8605

Family: Generic

Published: 1/6/2015

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:X/RC:U

Vulnerability Information

CPE: cpe:/a:don_ho:notepad%2b%2b:6.6.9

Patch Publication Date: 12/23/2014

Vulnerability Publication Date: 12/22/2014

Reference Information

CVE: CVE-2014-9456

BID: 71806