Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3436

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3436
Last Modified 05 Sep 2008 05:43:04
Published 01 Aug 2008 10:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3436

Summary

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Vulnerable Systems

Application

  • Notepad%2b%2b 1.0

  • Notepad%2b%2b 1.1

  • Notepad%2b%2b 1.2

  • Notepad%2b%2b 1.3

  • Notepad%2b%2b 1.4

  • Notepad%2b%2b 1.5

  • Notepad%2b%2b 1.6

  • Notepad%2b%2b 1.7

  • Notepad%2b%2b 1.8

  • Notepad%2b%2b 1.9

  • Notepad%2b%2b 2.1

  • Notepad%2b%2b 2.2

  • Notepad%2b%2b 2.3

  • Notepad%2b%2b 2.4

  • Notepad%2b%2b 2.5

  • Notepad%2b%2b 2.6

  • Notepad%2b%2b 2.8

  • Notepad%2b%2b 2.9

  • Notepad%2b%2b 3.0

  • Notepad%2b%2b 3.1

  • Notepad%2b%2b 3.2

  • Notepad%2b%2b 3.3

  • Notepad%2b%2b 3.4

  • Notepad%2b%2b 3.5

  • Notepad%2b%2b 3.6

  • Notepad%2b%2b 3.7

  • Notepad%2b%2b 3.8

  • Notepad%2b%2b 3.9

  • Notepad%2b%2b 4.0

  • Notepad%2b%2b 4.0.2

  • Notepad%2b%2b 4.1

  • Notepad%2b%2b 4.1.1

  • Notepad%2b%2b 4.1.2

  • Notepad%2b%2b 4.2.1

  • Notepad%2b%2b 4.2.2

  • Notepad%2b%2b 4.3

  • Notepad%2b%2b 4.4

  • Notepad%2b%2b 4.5

  • Notepad%2b%2b 4.6

  • Notepad%2b%2b 4.7

  • Notepad%2b%2b 4.7.2


References

MISC - http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

FULLDISC - 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations


Last Updated: 27 May 2016 10:48:12