Get in Touch
Indiscriminate, opportunistic targeting.
Notepad++ version 8.5.7 has been released, which has remediated four buffer overflow zero-day flaws, one of which could result in the execution of code by leading target users into opening specially crafted files. A summary of the security flaws has been outlined below:
- CVE-2023-40031 (CVSSv3 score: 7.8): Geap buffer write overflow in `Utf8_16_Read::convert`
- CVE-2023-40036 (CVSSv3 score: 5.5): Global buffer read overflow in `CharDistributionAnalysis::HandleOneChar’
- CVE-2023-40164 (CVSSv3 score: 5.5): Global buffer read overflow in `nsCodingStateMachine::NextStater`
- CVE-2023-40166 (CVSSv3 score: 5.5): Heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `
Proof of concept (PoC) exploits have been released with regards to these vulnerabilities and, as such, it is critical that users apply the relevant updates as soon as possible.
Successful exploitation of these vulnerabilities could allow threat actors to perform arbitrary code execution or leak internal memory allocation data from target systems, thus leading to the compromise of the integrity of data.
Notepad has released a security patch with regards to these vulnerabilities. As such, previous versions are vulnerable to potential exploitation.
Notepad++ versions 8.5.6 and prior.
Containment, Mitigations & Remediations
It is strongly recommended that users apply the Notepad++ version 8.5.7 security patch as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Notepad++ occupies a significant proportion of the text editor market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Notepad++ could emerge as a prime target for threat actors. Due to the fact that Notepad++ is an integral aspect of personal and business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to exfiltrate the sensitive data contained therein.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution