Notepad++6.9.2 DLL Hijacking Vulnerability

[mehta.himanshu21 () gmail com]

Aloha,

Notepad++ contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute 
arbitrary code on the targeted system. This vulnerability exists due to some DLL file is loaded by 
‘npp.6.9.2.Installer.exe’ improperly. And it allows an attacker to load this DLL file of the attacker’s choosing that 
could execute arbitrary code without the user's knowledge.

Affected Product:

Notepad++ 6.9.2
Download Link: https://notepad-plus-plus.org/news/notepad-6.9.2-released.html

Impact

Attacker can exploit the vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. 
This may help attacker to Successful exploits the system if user creates shell as a DLL.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Technique Details

Prerequisite: The attacker has access to the system;
Attacking procedure: This vulnerability exists due to the way DLL files are loaded by Notepad++. It allows an attacker 
to load a DLL file of the attacker’s choosing that could execute arbitrary code without the user's knowledge. The 
specific flaw exists within the handling of some DLL file loading by the Notepad++ process.

References:
https://packetstormsecurity.com/files/137817/Notepad-6.9.2-DLL-Hijacking.html

https://github.com/notepad-plus-plus/notepad-plus-plus/issues/2086

https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f8a24efa9068c30cd732e5e209c5a1b6499d2d31

Vendor fixes available.

Chao,
Himanshu Mehta