ID CVE-2019-16294Type cveReporter cve@mitre.orgModified 2020-08-24T17:37:00
Description
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
{"id": "CVE-2019-16294", "bulletinFamily": "NVD", "title": "CVE-2019-16294", "description": "SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.", "published": "2019-09-14T16:15:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16294", "reporter": "cve@mitre.org", "references": ["https://www.scintilla.org/ScintillaHistory.html", "https://github.com/bi7s/CVE/tree/master/CVE-2019-16294", "https://notepad-plus-plus.org/download/v7.7.html", "http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html"], "cvelist": ["CVE-2019-16294"], "type": "cve", "lastseen": "2021-02-02T07:12:54", "edition": 10, "viewCount": 57, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:47393"]}], "modified": "2021-02-02T07:12:54", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-02-02T07:12:54", "rev": 2}, "vulnersScore": 6.5}, "cpe": ["cpe:/a:scintilla:scintilla:-"], "affectedSoftware": [{"cpeName": "scintilla:scintilla", "name": "scintilla", "operator": "eq", "version": "-"}, {"cpeName": "notepad-plus-plus:notepad\\+\\+", "name": "notepad-plus-plus notepad\\+\\+", "operator": "lt", "version": "7.7"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:scintilla:scintilla:-:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:7.7:*:*:*:*:*:*:*", "versionEndExcluding": "7.7", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:scintilla:scintilla:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://notepad-plus-plus.org/download/v7.7.html", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://notepad-plus-plus.org/download/v7.7.html"}, {"name": "https://github.com/bi7s/CVE/tree/master/CVE-2019-16294", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://github.com/bi7s/CVE/tree/master/CVE-2019-16294"}, {"name": "https://www.scintilla.org/ScintillaHistory.html", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.scintilla.org/ScintillaHistory.html"}, {"name": "http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html"}], "immutableFields": []}
{"exploitdb": [{"lastseen": "2020-06-18T10:41:43", "description": "", "published": "2019-09-16T00:00:00", "type": "exploitdb", "title": "Notepad++ < 7.7 (x64) - Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-16294"], "modified": "2019-09-16T00:00:00", "id": "EDB-ID:47393", "href": "https://www.exploit-db.com/exploits/47393", "sourceData": "# Exploit Title: Notepad++ all x64 versions before 7.7. Remote memory corruption via .ml file.\r\n# Google Dork: N/A\r\n# Date: 2019-09-14\r\n# Exploit Author: Bogdan Kurinnoy (b.kurinnoy@gmail.com)\r\n# Vendor Homepage: https://notepad-plus-plus.org/\r\n# Version: < 7.7\r\n# Tested on: Windows x64\r\n# CVE : CVE-2019-16294\r\n\r\n# Description:\r\n\r\nSciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. \r\n\r\nOpen aaaaa.ml via affected notepad++ \r\n\r\nPOC files:\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47393.zip\r\n\r\nResult:\r\n\r\n(230.c64): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\Program Files\\Notepad++\\SciLexer.dll -\r\nrax=00007ff8e64014c0 rbx=00000000000aaaaa rcx=00000000000aaaaa\r\nrdx=0000000000000003 rsi=0000000000000000 rdi=00000000ffffffff\r\nrip=00007ff8e63c071d rsp=000000aa06463d60 rbp=000000aa06463e81\r\nr8=0000000000002fc8 r9=0000000000000000 r10=000000000000fde9\r\nr11=000000aa06463d90 r12=0000000000000000 r13=0000000000000000\r\nr14=0000000000000001 r15=0000000000000002\r\niopl=0 nv up ei pl zr na po nc\r\ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246\r\nSciLexer!Scintilla_DirectFunction+0x950dd:\r\n00007ff8e63c071d 0fb70458 movzx eax,word ptr [rax+rbx*2] ds:00007ff8e6556a14=????", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://www.exploit-db.com/download/47393"}]}
