Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
Related Posts
Apple emergency update fixes new zero-day used to hack iPhones
Apple emergency update fixes new zero-day used to hack iPhones
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. […] Read More
BleepingComputer
Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability
Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability
Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors to search an untrusted search path. This vulnerability has been disclosed to Notepad++, and a patch has yet to be provided.
Notepad++ is a simple text editor for Windows with many more capabilities and can be used to open or edit code files written in other programming languages. Multiple vulnerabilities in Notepad++ were previously reported in August 2023.
CVE-2023-6401: Uncontrolled Search Path in Notepad++
This vulnerability exists in an unknown functionality of the file dbghelp.exe, which a threat actor can manipulate to search an untrusted path.
This vulnerability has been categorized under “Hijack Execution Flow” by the MITRE framework.
Document
Protect Your Storage With SafeGuard
Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
Notepad++ utilizes a predetermined search path to locate its resources. However, this search path can be exploited by threat actors to compromise the Confidentiality, Integrity, and Availability (CIA) triad of the system.
Attackers can target one or more locations in the specified path and gain unauthorized access to the resources.
Products affected by this vulnerability include Notepad++ versions before 8.1.
Notepad++ is yet to publish a fix and a security advisory for this report.
There has been no evidence of exploitation of this vulnerability by threat actors. The severity for this vulnerability has been given as 5.3 (Medium) by VulDB.
No other additional information about this vulnerability has been reported, nor has a publicly available exploit been found.
To know more about this vulnerability, VulDB has published a report providing additional information.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.
The post Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability appeared first on Cyber Security News.
Cyber Security News