CVE-2023-6401

A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to thi...

CVE-2008-3436

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...

Notepad++ < 8.4.1 DLL hijacking vulnerability

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll UxTheme.dll with his own dll and run arbitrary code in the context of Notepad++. Note that Nessus has not tested for this issue but has instead relied only on the application's...

Notepad++ < 8.1.1 Arbitrary Code Execution

The version of Notepad++ installed on the remote host is prior to 8.1.1. It is, therefore, affected by a arbitary code execution vulnerability in the dbghelp.exe file, allowing a attacker with local access to abuse the uncontrolled search path to execute arbitrary code and gain access. Note that...

CVE-2024-42036

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2024-42036

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2024-42036

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2024-42036

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2024-42036

The provided connected documents confirm CVE-2024-42036 affects the Notepad module with an access permission verification weakness that can impact confidentiality. According to the NVD entry, the base CVSS v3.1 is 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, NO privileges require...

PT-2024-29702 · Microsoft · Notepad++

Name of the Vulnerable Software and Affected Versions: Notepad affected versions not specified Description: A vulnerability exists in the access permission verification of the Notepad module. Successful exploitation of this issue may impact service confidentiality. Recommendations: At the moment,...

The Stark Truth Behind the Resurgence of Russia’s Fin7

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands o...

[SECURITY] Fedora 39 Update: rust-lino-0.10.0-9.fc39

A command line text editor with notepad like key bindings...

[SECURITY] Fedora 40 Update: rust-lino-0.10.0-9.fc40

A command line text editor with notepad like key bindings...

Notepad++ Plugin Compromised to Inject Malicious Code

...

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader...

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. "The malicio...

What’s in your notepad? Infected text editors target Chinese users

"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...

WogRAT Backdoor Poses Risk to Windows and Linux Users

Summary: WogRAT, a backdoor malware targeting both Windows and Linux, spreads through aNotepad, an online notepad service. It disguises itself as system tools to trick users into downloading it, mainly targeting users in Asia. Users are cautioned to download software from official sources and...

PT-2024-17316 · Rizone Soft · Notepad3

Name of the Vulnerable Software and Affected Versions: Rizone Soft Notepad3 version 1.0.2.350 Description: A problematic issue was found in the Encryption Passphrase Handler component, affecting an unknown function. This issue leads to denial of service and requires local attacking. The exploit h...

CVE-2023-47452

An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory...