Metric | Value |
---|---|
AI Score | 8.3 High (Confidence: Low) |
CVSS2 | 7.6 High |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
EPSS | 0.194 Low (Percentile: 96.3%) |

Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.

CPE | Name | Operator | Version |
---|---|---|---|
notepad++:notepad++ | notepad++ | le | 4.1.1 |
scintilla:scintilla | scintilla | eq | 1.73 |

osvdb.org/36007
scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13
secunia.com/advisories/25245
secunia.com/advisories/25327
www.securityfocus.com/archive/1/468529/100/0/threaded
www.securityfocus.com/archive/1/469348/100/100/threaded
www.securityfocus.com/bid/23961
www.vupen.com/english/advisories/2007/1794
www.vupen.com/english/advisories/2007/1867
exchange.xforce.ibmcloud.com/vulnerabilities/34269
exchange.xforce.ibmcloud.com/vulnerabilities/34372
www.exploit-db.com/exploits/3912