Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability
Notepad++ has been came upon with an uncontrolled search route vulnerability, which could also allow threat actors to search an untrusted search route. This vulnerability has been disclosed to Notepad++, and a patch has but to be equipped.
Notepad++ is a easy textual assert editor for Home windows with many extra capabilities and must composed be frail to commence or edit code files written in diverse programming languages. A pair of vulnerabilities in Notepad++ were beforehand reported in August 2023.
CVE-2023-6401: Uncontrolled Search Course in Notepad++
This vulnerability exists in an unknown performance of the file dbghelp.exe, which a threat actor can manipulate to search an untrusted route.
This vulnerability has been classified under “Hijack Execution Float” by the MITRE framework.
Is Your Storage & Backup Programs Entirely Protected? – Look 40-second Tour of SafeGuard
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across plenty of of storage and backup devices.
Notepad++ makes use of a predetermined search path to detect its sources. Nonetheless, this search route could be exploited by threat actors to compromise the Confidentiality, Integrity, and Availability (CIA) triad of the system.
Attackers can target one or extra areas within the specified route and make unauthorized derive entry to to the sources.
Products tormented by this vulnerability consist of Notepad++ versions forward of 8.1.
Notepad++ is but to post a fix and a security advisory for this file.
There used to be no evidence of exploitation of this vulnerability by threat actors. The severity for this vulnerability has been given as 5.3 (Medium) by VulDB.
No diverse more info about this vulnerability has been reported, nor has a publicly on hand exploit been came upon.
To know extra about this vulnerability, VulDB has published a file offering more info.
Source credit : cybersecuritynews.com