Notepad++ < 7.7 (x64) - Denial of Service - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日3年前

# Exploit Title: Notepad++ all x64 versions before 7.7. Remote memory corruption via .ml file.
# Google Dork: N/A
# Date: 2019-09-14
# Exploit Author: Bogdan Kurinnoy ([email protected])
# Vendor Homepage: https://notepad-plus-plus.org/
# Version: < 7.7
# Tested on: Windows x64
# CVE : CVE-2019-16294

# Description:

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. 

Open aaaaa.ml via affected notepad++ 

POC files:

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47393.zip

Result:

(230.c64): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Notepad++\SciLexer.dll -
rax=00007ff8e64014c0 rbx=00000000000aaaaa rcx=00000000000aaaaa
rdx=0000000000000003 rsi=0000000000000000 rdi=00000000ffffffff
rip=00007ff8e63c071d rsp=000000aa06463d60 rbp=000000aa06463e81
r8=0000000000002fc8 r9=0000000000000000 r10=000000000000fde9
r11=000000aa06463d90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000001 r15=0000000000000002
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
SciLexer!Scintilla_DirectFunction+0x950dd:
00007ff8e63c071d 0fb70458 movzx eax,word ptr [rax+rbx*2] ds:00007ff8e6556a14=????

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

Notepad++ < 7.7 (x64) - Denial of Service

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索