CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
80.7%
# Exploit Title: Notepad++ all x64 versions before 7.7. Remote memory corruption via .ml file.
# Google Dork: N/A
# Date: 2019-09-14
# Exploit Author: Bogdan Kurinnoy ([email protected])
# Vendor Homepage: https://notepad-plus-plus.org/
# Version: < 7.7
# Tested on: Windows x64
# CVE : CVE-2019-16294
# Description:
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
Open aaaaa.ml via affected notepad++
POC files:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47393.zip
Result:
(230.c64): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Notepad++\SciLexer.dll -
rax=00007ff8e64014c0 rbx=00000000000aaaaa rcx=00000000000aaaaa
rdx=0000000000000003 rsi=0000000000000000 rdi=00000000ffffffff
rip=00007ff8e63c071d rsp=000000aa06463d60 rbp=000000aa06463e81
r8=0000000000002fc8 r9=0000000000000000 r10=000000000000fde9
r11=000000aa06463d90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000001 r15=0000000000000002
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
SciLexer!Scintilla_DirectFunction+0x950dd:
00007ff8e63c071d 0fb70458 movzx eax,word ptr [rax+rbx*2] ds:00007ff8e6556a14=????
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
80.7%