Thursday, September 2, 2010

Notepad++ version 5.7: Insecure DLL Hijacking Vulnerability

Users of Notepad++ version 5.7, please be advised that an Insecure DLL Hijacking vulnerability has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
Notepad++ -SA-08/28/2010: Notepad++ version 5.7 Insecure DLL Hijacking Vulnerability
VULNERABILITY DESCRIPTION

The Notepad++ application passes an insufficiently qualified path in loading an external library, "scilexer.dll", when a user opens its associated file with extensions - css, inc, inf, ini, log, scp, wtx, shtml. This vulnerability depends on the following situations -

- Notepad++ must have been made as the default text editor (so called users' most favorite "Notepad" replacement)
- Affected extensions must not have been registered with other applications


Read more at www.criticalwatch.com
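
The usual remedy for an insufficiently qualified library load is to resolve the DLL name against a trusted directory and pass the resulting absolute path to the loader. The following is an added example, not code from Notepad++ or from the Critical Watch advisory: `qualify_library_path` and `load_from_app_dir` are hypothetical names, the unqualified call in the comment only illustrates the pattern the advisory describes, and using the executable's own directory as the trusted location is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Build "<directory of exe_path>\<dll_name>" in out.
 * Returns 0 on success, -1 if dll_name is not a bare file name,
 * exe_path has no directory part, or out is too small. */
int qualify_library_path(const char *exe_path, const char *dll_name,
                         char *out, size_t out_size)
{
    if (!exe_path || !dll_name || !out || dll_name[0] == '\0')
        return -1;
    /* Reject separators and drive colons: the caller names a file, not a path. */
    if (strpbrk(dll_name, "\\/:") != NULL)
        return -1;
    const char *sep = strrchr(exe_path, '\\');
    if (sep == NULL)
        return -1;                      /* exe_path itself is not qualified */
    size_t dir_len = (size_t)(sep - exe_path) + 1;  /* keep trailing backslash */
    if (dir_len + strlen(dll_name) + 1 > out_size)
        return -1;
    memcpy(out, exe_path, dir_len);
    strcpy(out + dir_len, dll_name);
    return 0;
}

#ifdef _WIN32
#include <windows.h>

/* Insufficiently qualified (illustrative of the advisory's description):
 *     LoadLibraryA("scilexer.dll");
 * Qualified: resolve the name against the executable's own directory. */
HMODULE load_from_app_dir(const char *dll_name)
{
    char exe[MAX_PATH], full[MAX_PATH];
    DWORD n = GetModuleFileNameA(NULL, exe, sizeof exe);
    if (n == 0 || n >= sizeof exe)      /* failure or truncated path */
        return NULL;
    if (qualify_library_path(exe, dll_name, full, sizeof full) != 0)
        return NULL;
    /* An absolute path plus this flag also searches the DLL's own
     * directory first when resolving the DLL's dependencies. */
    return LoadLibraryExA(full, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
#endif
```

The path-building function is portable C, so it can be unit-tested off Windows; only `load_from_app_dir` needs the Win32 headers.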
 
