Notepad++ DLL Hajacking & Privilege Escalation
Posted on 30 November -0001
<HTML><HEAD><TITLE>Notepad++ DLL Hajacking & Privilege Escalation</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>========================================================= [+] Title : Notepad++ DLL Hajacking & Privilege Escalation [+] Release Date : 12 Oct 2016 [+] Vendor Homepage : https://notepad-plus-plus.org/ [+] Version : All Versions [+] Category : Windows Applications [+] Exploit Author : Ashiyane Digital Security Team [+] Official Website : www.ashiyane.org [+] Available : DLL Hajacking | Privilege Escalation [+] Severity Level : Medium [+] Technique : Local ========================================================= >>> Product & Service Introduction: Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License. >>> Affected Product(s): notepad++ - Software >>> Vulnerable Libraries: [SciLexer.dll] >>> Technical Details & Description: A local dll injection vulnerability has been discovered in the official Notepad++ software.The issue allows local attackers to inject code to vulnerable libraries to compromise the process or to gain higher access privileges. >>> PoC: The dll hijack vulnerability can be exploited by local attackers with restricted system user account and without user interaction.For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the local vulnerability ... 1. Compile dll and rename to SciLexer.dll 2. Copy SciLexer.dll to C:Program FilesNotepad++ 3. Launch notepad++.exe 4. MessageBox Executed..! Good Luck ;) ======================================================= --> Discovered by : micle --> Contact : mhd.ceh8@gmail.com </BODY></HTML>
