CVE-2007-2666

Published: 14/05/2007 Updated: 16/10/2018

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and previous versions, allows user-assisted remote malicious users to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.

Vulnerable Product	Search on Vulmon	Subscribe to Product
scintilla scintilla 1.73
notepad\\+\\+ notepad\\+\\+

/*[ notepad++[v41]: (win32) ruby file processing buffer overflow exploit ]* * * * by: vade79/v9 v9@fakehalous (fakehalo/realhalo) * * * * compile: ...

CWE-119 http://secunia.com/advisories/25245 http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13 http://www.securityfocus.com/bid/23961 http://secunia.com/advisories/25327 http://www.vupen.com/english/advisories/2007/1867 http://www.vupen.com/english/advisories/2007/1794 http://osvdb.org/36007 https://exchange.xforce.ibmcloud.com/vulnerabilities/34372 https://exchange.xforce.ibmcloud.com/vulnerabilities/34269 https://www.exploit-db.com/exploits/3912 http://www.securityfocus.com/archive/1/469348/100/100/threaded http://www.securityfocus.com/archive/1/468529/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/3912/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2666

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect