CVE-2017-8803
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands.
Notepad++ versión 7.3.3 (en 32 bits) con Plugin Hex Editor versión v0.9.5, podría permitir a atacantes asistidos por el usuario ejecutar código por medio de un archivo especialmente diseñado, debido a un problema de "Data from Faulting Address controls Code Flow". Un modelo de amenaza es una víctima que obtiene un archivo especialmente diseñado no seguro desde una ubicación remota y emite varios comandos definidos por el usuario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-05 CVE Reserved
- 2017-07-05 CVE Published
- 2024-03-17 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8803 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mh-nexus Search vendor "Mh-nexus" | Hex Editor Search vendor "Mh-nexus" for product "Hex Editor" | 0.9.5 Search vendor "Mh-nexus" for product "Hex Editor" and version "0.9.5" | - |
Affected
| in | Notepad-plus-plus Search vendor "Notepad-plus-plus" | Notepad\+\+ Search vendor "Notepad-plus-plus" for product "Notepad\+\+" | 7.3.3 Search vendor "Notepad-plus-plus" for product "Notepad\+\+" and version "7.3.3" | - |
Safe
|