CVE-2017-8803

Name of the Vulnerable Software and Affected Versions Notepad++ version 7.3.3

Description The issue allows user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. A threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands.

Recommendations For Notepad++ version 7.3.3, consider removing or disabling the Hex Editor Plugin v0.9.5 until a patch is available. As a temporary workaround, avoid opening untrusted crafted files and refrain from issuing user-defined commands on such files.