Описание
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:mh-nexus:hex_editor:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:notepad-plus-plus:notepad\+\+:7.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00313
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-119
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands.
EPSS
Процентиль: 54%
0.00313
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-119