Vulners
Lucene search
Notepad++ Plugin Notepad# 1.5 - Local Exploit
# Exploit Title: Notepad++ - Notepad# plugin local exploit
# Google Dork:
# Date: 2013-12-01
# Exploit Author: Sun Junwen
# Vendor Homepage: http://notepad-plus-plus.org/
# Software Link: http://notepad-plus-plus.org/download/
# Version: Notepad ++ 6.3.2 with Notepad# plugin (1.5) and Explorer plugin
(1.8.2)
# Tested on: Windows XP SP3 EN
# CVE :
1. Poc
With Notepad# plugin (1.5) and Explorer plugin (1.8.2) installed in Notepad
++ 6.3.2, open the html file in attachement, click Enter in the last
</script> tag, Npp will crash and calc.exe will open. Without Explorer
plugin, these still can be exploit. Explorer plugin makes this easier.
2. Root cause
NotepadSharp plugin has several stack buffer overflow bug.
In its PluginDefinition.cpp file, there are some char buffer whose length
are 9999. They are all defined on stack.
So if some strcpy/memcpy copy more than 9999 chars to these buffers, it
leads to a stack overflow.
3. Tested on
Windows XP SP3 EN
Notepad ++ 6.3.2
Notepad# plugin (1.5) and Explorer plugin (1.8.2)
Sun Junwen
Trendmicro, CDC
Exploit-DB mirror: http://www.exploit-db.com/sploits/30007.zip
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1