Researchers infiltrate a ransomware operation and discover slick services behind Qilin’s Rust-based malware variant.
Related Posts
Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability
Notepad++ has been found to contain an uncontrolled search path vulnerability, which could allow threat actors to make the application search an untrusted path. The vulnerability has been disclosed to Notepad++, and a patch has yet to be provided.
Notepad++ is a text editor for Windows that goes beyond simple text editing and can be used to open or edit source files written in various programming languages. Multiple vulnerabilities in Notepad++ were previously reported in August 2023.
CVE-2023-6401: Uncontrolled Search Path in Notepad++
This vulnerability exists in an unknown functionality of the file dbghelp.exe, which a threat actor can manipulate so that an untrusted path is searched.
This vulnerability has been categorized under “Hijack Execution Flow” by the MITRE framework.
Notepad++ utilizes a predetermined search path to locate its resources. However, this search path can be exploited by threat actors to compromise the Confidentiality, Integrity, and Availability (CIA) triad of the system.
Attackers can target one or more locations in the specified path and gain unauthorized access to the resources.
Products affected by this vulnerability include Notepad++ versions before 8.1.
Notepad++ is yet to publish a fix and a security advisory for this report.
There has been no evidence of exploitation of this vulnerability by threat actors. The severity for this vulnerability has been given as 5.3 (Medium) by VulDB.
No additional information about this vulnerability has been reported, and no publicly available exploit has been found.
VulDB has published a report with more details on this vulnerability.
The post Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability appeared first on Cyber Security News.
Perplexity Plagiarized Our Story About How Perplexity Is a Bullshit Machine
Experts aren’t unanimous about whether the AI-powered search startup’s practices could expose it to legal claims ranging from infringement to defamation, but some say plaintiffs would have strong cases.
Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets
Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users.
The post Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets appeared first on SecurityWeek.