[HN Gopher] High-Severity Vulnerability in Notepad++
       ___________________________________________________________________
        
       High-Severity Vulnerability in Notepad++
        
       Author : onlinenotepad
       Score  : 5 points
       Date   : 2025-06-30 17:49 UTC (5 hours ago)
        
 (HTM) web link (www.csa.gov.sg)
 (TXT) w3m dump (www.csa.gov.sg)
        
       | reanimus wrote:
       | Headline is a little misleading imo -- the vulnerability isn't in
       | Notepad++ itself as much as its installer. Current users, I
       | imagine, don't have anything to worry about.
        
         | notepad0x90 wrote:
          | Unless the updater also runs the installer, then you just drop
          | your malicious DLL in the right place and wait for an update,
          | or find a way to force-trigger an update.
          | 
          | Attackers can also use the Notepad++ installer as a payload
          | execution mechanism. To run your malware, just get older
          | Notepad++ installers and drop your DLL after the installer is
          | running to run it as SYSTEM.
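
The precondition for the planting scenario in the comment above is a directory on the elevated installer's or updater's DLL search path that a standard user can write to. The following PowerShell check is an added example, not code from the thread or from the Notepad++ project: it walks the ACL of each directory given and reports any Allow ACE that grants a low-privileged, well-known principal the right to create or replace files there. The Notepad++ install path in the usage line is an assumption for illustration, not a path taken from the advisory.

```powershell
# Added example (not from the thread or the Notepad++ project): report
# directories that a standard, non-admin user can write to. Any such
# directory on the DLL search path of a SYSTEM or elevated installer/updater
# is a DLL-planting location. The Notepad++ path in the usage line is assumed.

using namespace System.Security.AccessControl
using namespace System.Security.Principal

# Well-known SIDs that any interactive, non-admin user is a member of.
$script:LowPrivSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-4'         # INTERACTIVE
)

# Rights that let a principal create or replace a file in the directory,
# or grant themselves the ability to do so.
$script:WriteMask = [int](
    [FileSystemRights]::CreateFiles -bor
    [FileSystemRights]::WriteData -bor
    [FileSystemRights]::Write -bor
    [FileSystemRights]::Modify -bor
    [FileSystemRights]::FullControl -bor
    [FileSystemRights]::ChangePermissions -bor
    [FileSystemRights]::TakeOwnership
)

# Generic access bits that Get-Acl reports as raw numbers rather than names.
$script:GenericWrite = 0x40000000
$script:GenericAll   = 0x10000000

function Test-DllPlantingDir {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($dir in $Path) {
            if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
                Write-Warning "Skipping '$dir': not an existing directory"
                continue
            }
            $acl = Get-Acl -LiteralPath $dir
            # Simplification: Deny ACEs are ignored, so this can over-report
            # but never under-report a writable directory.
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne [AccessControlType]::Allow) { continue }
                try {
                    $sid = $ace.IdentityReference.Translate([SecurityIdentifier]).Value
                } catch {
                    continue   # orphaned or unresolvable identity
                }
                if ($script:LowPrivSids -notcontains $sid) { continue }

                $rights = [int]$ace.FileSystemRights
                $canWrite = (($rights -band $script:WriteMask) -ne 0) -or
                            (($rights -band $script:GenericWrite) -ne 0) -or
                            (($rights -band $script:GenericAll) -ne 0)
                if ($canWrite) {
                    [pscustomobject]@{
                        Directory = $dir
                        Principal = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

# Usage (paths are assumptions for illustration):
Test-DllPlantingDir -Path "$env:ProgramFiles\Notepad++", $env:TEMP |
    Format-Table -AutoSize
```

A hit under %TEMP% or the user's Downloads folder is expected, since those directories are user-writable by design; the finding there is that an elevated process must not resolve DLLs from them, not that their ACLs need changing. A hit under the installed product's own directory is the "wait for an update" case and is an ACL problem.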
        
       | gertlex wrote:
       | Looks like it's a vulnerability in the _installer_.
       | 
       | From a small bit of skimming, sounds like it's a user escalation
       | vector, where a low privileged user can run the installer in a
       | contrived manner to achieve privilege escalation.
       | 
       | https://github.com/notepad-plus-plus/notepad-plus-plus/secur...
       | 
       | So for my personal install, nothing to worry about here...
        
       | retox wrote:
       | If the problem is in the installer then this can't be 'fixed',
       | affected installers should be fingerprinted as malware.
        
       | notepad0x90 wrote:
        | I wanted to say the installer has no business running things as
        | SYSTEM but I suppose there is no way around that for registering
        | COM DLLs. I would think attackers would need to chain this with a
        | UAC bypass (or be fortunate enough to find UAC disabled). If UAC
        | is set up right, administrative operations like regsvr32 should
        | require going through consent.exe's prompt. UAC bypasses are
        | plentiful but systems can be configured to mitigate them (at least
        | the ones I know of). Social engineering is another good way to
        | bypass UAC.
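
Whether an elevation actually goes through consent.exe's prompt is decided by a handful of policy values under the UAC registry key. The following PowerShell script is an added example, not from the thread: it reads those values, names the weak settings (the default "notify only when programs try to make changes" level, which still auto-elevates signed Windows binaries, is the class many published bypasses lean on), and includes a function that sets the "Always notify" configuration. The value names and meanings are the documented Windows ones; treating "Always notify" as the target posture is this example's recommendation.

```powershell
# Added example (not from the thread): read the UAC policy values that decide
# whether an elevation is prompted, flag weak settings, and show the
# "Always notify" configuration beside them.

$script:UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin.
$script:AdminPromptNames = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}

# Read a DWORD from a Get-ItemProperty result, falling back to the value
# Windows applies when the entry is absent.
function Get-RegInt {
    param($Props, [string]$Name, [int]$Default)
    $entry = $Props.PSObject.Properties[$Name]
    if ($null -eq $entry) { return $Default }
    return [int]$entry.Value
}

function Get-UacPosture {
    [CmdletBinding()]
    param([string]$Key = $script:UacKey)

    $p = Get-ItemProperty -Path $Key
    $enableLua     = Get-RegInt $p 'EnableLUA' 1
    $adminPrompt   = Get-RegInt $p 'ConsentPromptBehaviorAdmin' 5
    $secureDesktop = Get-RegInt $p 'PromptOnSecureDesktop' 1
    $tokenFilter   = Get-RegInt $p 'LocalAccountTokenFilterPolicy' 0

    $findings = New-Object System.Collections.Generic.List[string]
    if ($enableLua -ne 1) {
        $findings.Add('EnableLUA=0: UAC is off; admin logons get a full token and nothing is prompted')
    }
    if ($adminPrompt -eq 0) {
        $findings.Add('ConsentPromptBehaviorAdmin=0: admins elevate silently')
    } elseif ($adminPrompt -eq 5) {
        $findings.Add('ConsentPromptBehaviorAdmin=5: signed Windows binaries auto-elevate without a prompt')
    }
    if ($secureDesktop -ne 1) {
        $findings.Add('PromptOnSecureDesktop=0: prompt is shown on the normal desktop, where software can interact with it')
    }
    if ($tokenFilter -eq 1) {
        $findings.Add('LocalAccountTokenFilterPolicy=1: local admin accounts get a full token over the network (remote UAC disabled)')
    }

    [pscustomobject]@{
        EnableLUA                     = $enableLua
        ConsentPromptBehaviorAdmin    = "$adminPrompt ($($script:AdminPromptNames[$adminPrompt]))"
        PromptOnSecureDesktop         = $secureDesktop
        LocalAccountTokenFilterPolicy = $tokenFilter
        AlwaysNotify                  = ($enableLua -eq 1 -and $adminPrompt -eq 2 -and $secureDesktop -eq 1)
        Findings                      = $findings
    }
}

# Hardened setting: the top slider position ("Always notify") in the UAC UI.
# Requires an elevated shell; takes effect for new elevation requests.
function Set-UacAlwaysNotify {
    [CmdletBinding()]
    param([string]$Key = $script:UacKey)
    Set-ItemProperty -Path $Key -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $Key -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $Key -Name PromptOnSecureDesktop      -Value 1 -Type DWord
}

# Usage:
Get-UacPosture | Format-List
```

Note that "Always notify" removes the auto-elevation path but not social engineering: a user who is tricked into clicking Yes on a genuine consent.exe prompt has elevated the attacker's code regardless of these values.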
        
       ___________________________________________________________________
       (page generated 2025-06-30 23:01 UTC)