Lucene search

[email protected]NVD:CVE-2023-47452

HistoryNov 30, 2023 - 9:15 p.m.

CVE-2023-47452

2023-11-3021:15:08

CWE-427

[email protected]

web.nvd.nist.gov

untrusted search path

notepad++

local users

escalated privileges

msimg32.dll

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.

Affected configurations

Nvd

Node

notepad-plus-plusnotepad\+\+Match6.5

VendorProductVersionCPE
notepad-plus-plusnotepad\+\+6.5cpe:2.3:a:notepad-plus-plus:notepad\+\+:6.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
notepad-plus-plus	notepad\+\+	6.5	cpe:2.3:a:notepad-plus-plus:notepad\+\+:6.5:::::::*

References

github.com/xieqiang11/poc-1/tree/main

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-47452

prion1 cvelist1 cve1 osv1