Home

CVE-2008-3436

Description

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Risk Information

Base Score
8.1
MODERATE
Vector
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.651

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2007-2666,CVE-2008-3436 are affected in Notepad++ (User Based) 4.1.1Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.0Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.1Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.2Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.3Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.4Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.5Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.6Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.7Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.8Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 1.9Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.1Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.2Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.3Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.4Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.5Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.6Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.8Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 2.9Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.0Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.1Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.2Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.3Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.4Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.5Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.6Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.7Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.8Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 3.9Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.0Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.0.2Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.1Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.1.2Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.2.1Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.2.2Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.3Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.4Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.5Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.6Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.7Windows
Vulnerabilities CVE-2008-3436 are affected in Notepad++ (User Based) 4.7.2Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234