Notepad++ Ruby Source File Processing Buffer Overflow Vulnerability
BID:23961
Info
| Bugtraq ID: | 23961 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2666 |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2007 12:00AM |
| Updated: | May 24 2007 01:37AM |
| Credit: | vade79/v9 is credited with the discovery of this issue. |
| Vulnerable: | Scintilla Scintilla 1.73, Notepad Plus Plus Notepad++ 4.1 |
| Not Vulnerable: | |
Discussion
Notepad++ is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer while importing Ruby source files.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the user running the affected application.
Notepad++ 4.1 is vulnerable to this issue; previous versions may be affected as well.
Scintilla 1.73 is vulnerable to this issue; other versions and applications that use the vulnerable Scintilla DLL file ('SciLexer.dll') are vulnerable as well.
Exploit / POC
Proof-of-concept exploits are available for this issue.
Solution / Fix
Solution:
The vendor released fixes to address this issue. Please see the references for more information.
Notepad Plus Plus Notepad++ 4.1
- Notepad++ npp.4.1.2.Installer.exe
  http://downloads.sourceforge.net/notepad-plus/npp.4.1.2.Installer.exe?modtime=1179711638&big_mirror=0

Scintilla Scintilla 1.73
- Scintilla LexRuby.cxx
  http://iagorubio.com/scintilla/LexRuby.cxx
References
References:
- [scintilla] Secunia Advisory on SciLexer.dll (Iago Rubio)
- Notepad++ Homepage (Notepad++)
- Notepad++ v4.1.2 Release Notes (Notepad++)
- Vendor Homepage (Scintilla)
- notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit (v9)
- Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit. (Jerome Athias)