PT-2023-30454 · Notepad++ · Notepad++
Published
2023-11-30
·
Updated
2023-12-06
·
CVE-2023-47452
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
notepad++ version 6.5
Description
An Untrusted search path issue allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.
Recommendations
For notepad++ version 6.5, consider restricting access to the msimg32.dll file in the current working directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Notepad++