vulnerability
NotepadPlusPlus: Out-of-bounds Write (CVE-2019-16294)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | 2019-09-14 | 2020-11-27 | 2020-11-27 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
2019-09-14
Added
2020-11-27
Modified
2020-11-27
Description
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
Solution
notepadplusplus-upgrade-7_7
References
- CVE-2019-16294
- https://attackerkb.com/topics/CVE-2019-16294
- URL-http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html
- URL-https://github.com/bi7s/CVE/tree/master/CVE-2019-16294
- URL-https://notepad-plus-plus.org/download/v7.7.html
- URL-https://www.scintilla.org/ScintillaHistory.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.