CVE-2019-16294
Notepad++ < 7.7 (x64) - Denial of Service
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
La biblioteca SciLexer.dll en Scintilla en Notepad ++ (x64) versiones anteriores a 7.7, permite la ejecución de código remota o la denegación de servicio por medio de caracteres Unicode en un archivo .ml diseñado.
Notepad++ (x64) versions prior to 7.7 allow remote code execution or denial of service via a crafted .ml file.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-09-13 CVE Reserved
- 2019-09-14 CVE Published
- 2019-09-16 First Exploit
- 2024-08-05 CVE Updated
- 2024-10-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/47393 | 2019-09-16 | |
https://github.com/bi7s/CVE/tree/master/CVE-2019-16294 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://notepad-plus-plus.org/download/v7.7.html | 2023-02-28 | |
https://www.scintilla.org/ScintillaHistory.html | 2023-02-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Notepad-plus-plus Search vendor "Notepad-plus-plus" | Notepad\+\+ Search vendor "Notepad-plus-plus" for product "Notepad\+\+" | < 7.7 Search vendor "Notepad-plus-plus" for product "Notepad\+\+" and version " < 7.7" | - |
Affected
| ||||||
Scintilla Search vendor "Scintilla" | Scintilla Search vendor "Scintilla" for product "Scintilla" | - | - |
Affected
|