Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310805318
HistoryJan 09, 2015 - 12:00 a.m.

Notepad++ Buffer overflow Vulnerability (Jan 2015) - Windows

2015-01-0900:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
24

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON

Notepad++ is prone to a buffer overflow vulnerability.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:notepad-plus-plus:notepad++";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805318");
  script_version("2024-02-08T05:05:59+0000");
  script_cve_id("CVE-2014-9456");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-08 05:05:59 +0000 (Thu, 08 Feb 2024)");
  script_tag(name:"creation_date", value:"2015-01-09 13:19:25 +0530 (Fri, 09 Jan 2015)");
  script_name("Notepad++ Buffer overflow Vulnerability (Jan 2015) - Windows");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Buffer overflow");
  script_dependencies("gb_notepadpp_detect_portable_win.nasl");
  script_mandatory_keys("Notepad++32or64/Win/installed");

  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/35589");
  script_xref(name:"URL", value:"http://www.security-database.com/detail.php?alert=CVE-2014-9456");

  script_tag(name:"summary", value:"Notepad++ is prone to a buffer overflow vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw exists as the user-supplied input
  is not properly validated when handling a specially crafted XML file.");

  script_tag(name:"impact", value:"Successful exploitation will allow
  attackers to conduct denial of service attack or potentially allowing the
  execution of arbitrary code.");

  script_tag(name:"affected", value:"Notepad++ version 6.6.9 on Windows.");

  script_tag(name:"solution", value:"Upgrade to Notepad++ version 6.7 or later.");

  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );
vers = infos['version'];
path = infos['location'];

if( version_is_less( version:vers, test_version:"6.7" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"6.7", install_path:path );
  security_message( port:0, data:report );
  exit( 0 );
}

exit( 99 );

Related

exploitdb 1
prion 2
nvd 2
cvelist 1
cve 2
exploitdb
exploitdb
Notepad++ 6.6.9 - Buffer Overflow
2014-12-22 00:00:00
prion
prion
Design/Logic Flaw
2015-01-10 00:59:00
Buffer overflow
2015-01-02 20:59:00
nvd
nvd
CVE-2014-1004
2015-01-10 00:59:00
CVE-2014-9456
2015-01-02 20:59:16
cvelist
cvelist
CVE-2014-9456
2015-01-02 20:00:00
cve
cve
CVE-2014-9456
2015-01-02 20:59:16
CVE-2014-1004
2015-01-10 00:59:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON
Related for OPENVAS:1361412562310805318
exploitdb1prion2nvd2cvelist1cve2