The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CPE | Name | Operator | Version |
---|---|---|---|
notepad\\+\\+ | le | 3.3 | |
notepad\\+\\+ | le | 4.2.1 | |
notepad\\+\\+ | le | 4.4 | |
notepad\\+\\+ | le | 4.0.2 | |
notepad\\+\\+ | le | 1.5 | |
notepad\\+\\+ | le | 4.6 | |
notepad\\+\\+ | le | 2.5 | |
notepad\\+\\+ | le | 4.0 | |
notepad\\+\\+ | le | 2.3 | |
notepad\\+\\+ | le | 2.2 |