Just one text file can turn your system into a toy for intruders.
Cybersecurity experts have discovered several dangerous vulnerabilities in the popular Notepad++ text editor . These vulnerabilities are based on Buffer Overflow and can be used by attackers to execute arbitrary code on the victim's computer.
The vulnerabilities were reported by one of the researchers from GitHub. According to its recent report , the following critical vulnerabilities are present in Notepad++:
These vulnerabilities allow an attacker to gain full control over the vulnerable system when the victim opens a plain text file (specially prepared in advance). At the time of publication of this news, Notepad++ developers have not yet released updates that address the security flaws described above.
Notepad++ is a popular open-source cross-platform text editor written in C++. It supports convenient work with multiple tabs and files in a single window. Notepad++ is used by millions of developers and IT professionals around the world.
Experts recommend that users of Notepad++ use caution when opening unverified files until official fixes are released. Cybercriminals can actively use these vulnerabilities for attacks, including using them in malware.
The developers of Notepad++ have not yet commented on the situation or announced plans to eliminate them. According to the rules of vulnerability disclosure, information about them was published in the public domain after the deadline set for their correction. In other words, developers of the company responsible for developing advanced notepad were notified of the vulnerabilities in advance.
Experts remind you that timely installation of security updates is an important measure of protection against cyber threats. Therefore, users are advised to regularly check for updates to the programs they are using and install them immediately. This will allow you to neutralize security threats in a timely manner and avoid possible negative consequences.
Cybersecurity experts have discovered several dangerous vulnerabilities in the popular Notepad++ text editor . These vulnerabilities are based on Buffer Overflow and can be used by attackers to execute arbitrary code on the victim's computer.
The vulnerabilities were reported by one of the researchers from GitHub. According to its recent report , the following critical vulnerabilities are present in Notepad++:
- CVE-2023-40031 (CVSS 7.8) - Buffer overflow in UTF encoding conversion function;
- CVE-2023-40036 (CVSS 5.5) - Global buffer overflow in the character analysis module;
- CVE-2023-40164 (CVSS 7.8) - Global buffer overflow in the uchardet library;
- CVE-2023-40166 (CVSS 7.8) - buffer overflow when determining the language of the file being opened.
These vulnerabilities allow an attacker to gain full control over the vulnerable system when the victim opens a plain text file (specially prepared in advance). At the time of publication of this news, Notepad++ developers have not yet released updates that address the security flaws described above.
Notepad++ is a popular open-source cross-platform text editor written in C++. It supports convenient work with multiple tabs and files in a single window. Notepad++ is used by millions of developers and IT professionals around the world.
Experts recommend that users of Notepad++ use caution when opening unverified files until official fixes are released. Cybercriminals can actively use these vulnerabilities for attacks, including using them in malware.
The developers of Notepad++ have not yet commented on the situation or announced plans to eliminate them. According to the rules of vulnerability disclosure, information about them was published in the public domain after the deadline set for their correction. In other words, developers of the company responsible for developing advanced notepad were notified of the vulnerabilities in advance.
Experts remind you that timely installation of security updates is an important measure of protection against cyber threats. Therefore, users are advised to regularly check for updates to the programs they are using and install them immediately. This will allow you to neutralize security threats in a timely manner and avoid possible negative consequences.
