CVE-2008-3436
01.08.2008, 14:41
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
| Vendor | Product | Version |
|---|---|---|
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.0 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.1 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.2 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.3 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.4 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.5 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.6 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.7 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.8 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 1.9 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.1 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.2 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.3 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.4 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.5 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.6 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.8 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 2.9 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.0 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.1 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.2 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.3 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.4 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.5 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.6 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.7 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.8 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 3.9 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.0 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.0.2 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.1 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.1.1 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.1.2 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.2.1 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.2.2 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.3 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.4 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.5 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.6 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.7 |
| notepad\+\+ | notepad\+\+ | 𝑥 ≤ 4.7.2 |
𝑥
= Vulnerable software versions
References