The vulnerability of the sub-component SciLexer.dll, a text editing component of the text editor Scintilla (Notepad++), allows an attacker to cause a service failure or execute arbitrary code.

🗓️ 09 Dec 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Vulnerability in SciLexer.dll of Scintilla Notepad++ allows arbitrary code execution or failure via a crafted .ml file.

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2019-16294	14 Sep 201915:39	–	cve
Cvelist	CVE-2019-16294	14 Sep 201915:39	–	cvelist
Exploit DB	Notepad++ < 7.7 (x64) - Denial of Service	16 Sep 201900:00	–	exploitdb
EUVD	EUVD-2019-7089	14 Sep 201915:39	–	euvd
NVD	CVE-2019-16294	14 Sep 201916:15	–	nvd
OpenVAS	Notepad++ < 7.7 RCE Vulnerability	2 Aug 202200:00	–	openvas
OSV	CVE-2019-16294	14 Sep 201916:15	–	osv
Prion	Remote code execution	14 Sep 201916:15	–	prion
Positive Technologies	PT-2019-3959 · Notepad++ · Notepad++	14 Sep 201900:00	–	ptsecurity
RedhatCVE	CVE-2019-16294	7 Jan 202609:30	–	redhatcve

Vulners

Node

don_ho notepad++Range<7.7

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html
github	www.github.com/bi7s/CVE/tree/master/CVE-2019-16294
notepad-plus-plus	www.notepad-plus-plus.org/download/v7.7.html
scintilla	www.scintilla.org/ScintillaHistory.html
web	www.web.nvd.nist.gov/view/vuln/detail

09 Dec 2019 00:00Current

CVSS 26.8

CVSS 37.8

EPSS0.13617

SciLexer.dll vulnerability Scintilla Notepad++Notepad plus plus crafted ml file arbitrary code execution service failure