notepad-plus-plus-legacy/PowerEditor/src/WinControls
Don HO 0f936707a2 [EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"
Summary of the Issue:
A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder.

Steps to reproduce:
Download the attached archive on Windows: unzip_me.zip (F404758)
Unzip it and navigate into it
Open the txt file inside with Notepad++
Go to File -> Open containing folder -> cmd

Impact statement:
Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.
2019-01-14 20:20:19 +01:00
AboutDlg Notepad++ 7.6.2 release Gilet Jaune Edition 2019-01-01 02:46:17 +01:00
AnsiCharPanel List plugins in alphabetical order in Plugins Admin dialog 2019-01-14 20:02:47 +01:00
ClipboardHistory Lost in Translation 3 2016-08-11 22:29:39 +02:00
ColourPicker Fix compiling warning problem 2017-10-30 02:46:18 +01:00
ContextMenu x64 ready 2016-06-05 20:30:22 +02:00
DockingWnd Warning/error fixes as per VS2017 code analysis 2018-02-19 12:21:35 +01:00
DocumentMap Fix a bug where the document map highlights incorrectly when the view is scrolled past the end of the file. 2018-06-21 02:28:51 +02:00
FileBrowser [EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder" 2019-01-14 20:20:19 +01:00
FindCharsInRange Fix the wrong integer replacement (instead of string) 2018-02-20 13:38:09 +01:00
FunctionList Fix Javascript not working regression in Function list since 2016 2018-04-09 00:35:53 +02:00
Grid Force cpp standard const char pointer on string literals 2018-06-25 00:06:26 +02:00
ImageListSet Fixed cppChecker reported issues 2017-07-17 10:35:25 +02:00
OpenSaveFileDialog Fix crash issue due to Unix style path input in Open file dialog. 2018-11-10 12:15:08 +01:00
PluginsAdmin List plugins in alphabetical order in Plugins Admin dialog 2019-01-14 20:02:47 +01:00
Preference Add checking MD5 ability in Plugin Admin 2018-09-27 09:56:58 +02:00
ProjectPanel Add new language and update translations 2018-02-19 11:40:47 +01:00
ReadDirectoryChanges Fix Folder as Workspace not updating regression 2018-07-22 02:42:28 +02:00
shortcut Fixed the macro deletion bug 2018-06-21 09:57:04 +02:00
SplitterContainer Add new feature: double click splitter resets panes to equal size 2018-12-20 09:51:42 +01:00
StaticDialog Fixed pointer truncations reported after removing /Wv:18 2018-06-21 02:36:28 +02:00
StatusBar Lost in Translation 3 2016-08-11 22:29:39 +02:00
TabBar Fix Tab non-responding after dragging bug 2018-10-02 20:18:11 +02:00
TaskList Force cpp standard const char pointer on string literals 2018-06-25 00:06:26 +02:00
ToolBar Rename variables & clean up 2017-07-27 10:30:53 +02:00
ToolTip Enhancement of "Word characters list" 2017-01-15 22:16:17 +01:00
TrayIcon Force cpp standard const char pointer on string literals 2018-06-25 00:06:26 +02:00
TreeView Coding style / Code cleanup 2015-08-04 18:09:17 +02:00
VerticalFileSwitcher List plugins in alphabetical order in Plugins Admin dialog 2019-01-14 20:02:47 +01:00
WindowsDlg Make new entries translatable 2018-03-02 20:23:24 +01:00
Window.h Add Plugins Administrator (UI part, in progress) 2017-01-20 14:13:41 +01:00
WindowInterface.h [UPDATE] Update the GPL of all project source code to avoid the bundle version made by the tiers sites : cnet, softonic and 01net. 2012-04-15 16:54:38 +00:00