Lucene search

[email protected]CVE-2007-2666

HistoryMay 14, 2007 - 11:19 p.m.

CVE-2007-2666

2007-05-1423:19:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-2666

buffer overflow

scintilla

remote code execution

notepad++

vulnerability

8.3 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.194 Low

EPSS

Percentile

96.3%

JSON

Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.

CPENameOperatorVersion
notepad\+\+:notepad\+\+notepad\+\+le4.1.1
scintilla:scintillascintillaeq1.73

CPE	Name	Operator	Version
notepad\+\+:notepad\+\+	notepad\+\+	le	4.1.1
scintilla:scintilla	scintilla	eq	1.73

References

osvdb.org/36007

scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13

secunia.com/advisories/25245

secunia.com/advisories/25327

www.securityfocus.com/archive/1/468529/100/0/threaded

www.securityfocus.com/archive/1/469348/100/100/threaded

www.securityfocus.com/bid/23961

www.vupen.com/english/advisories/2007/1794

www.vupen.com/english/advisories/2007/1867

exchange.xforce.ibmcloud.com/vulnerabilities/34269

exchange.xforce.ibmcloud.com/vulnerabilities/34372

www.exploit-db.com/exploits/3912

8.3 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.194 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-2666

cvelist1 nessus1 prion1