A critical vulnerability has been discovered in Notepad++ v8.8.1, allowing attackers to gain system-level access through malicious manipulation of executable files during installation. This exploit involves binary planting of a malicious regsvr32.exe, which can lead to arbitrary code execution and full system compromise. #NotepadPlusPlus #CVE-2025-49144
Key points
- The vulnerability stems from uncontrolled executable search paths during installation of Notepad++ v8.8.1.
- Attackers can exploit this by placing a malicious regsvr32.exe in the same directory as the installer.
- Executing the installer triggers the malicious file, potentially establishing a reverse shell on the victim's machine.
- Attackers can combine this vulnerability with phishing to increase the likelihood of successful exploitation.
- Mitigation strategies include using absolute paths, verifying digital signatures, and avoiding untrusted directories during installation.
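A pre-install check for the "avoid untrusted directories" and "use absolute paths" mitigations, as an added example that is not part of the original page or of Notepad++ itself: it flags any file beside the installer that would shadow `regsvr32.exe`. The function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Names the installer is reported to resolve without an absolute path.
# Only regsvr32.exe comes from the page; extending the set is an assumption.
SHADOWABLE = {"regsvr32.exe"}


def find_planted_binaries(installer_path, names=SHADOWABLE):
    """Return files beside the installer whose names shadow a system binary."""
    folder = os.path.dirname(os.path.abspath(installer_path))
    wanted = {n.lower() for n in names}
    hits = []
    for entry in os.scandir(folder):
        # Windows file names are case-insensitive, so compare lowercased.
        if entry.is_file() and entry.name.lower() in wanted:
            hits.append(entry.path)
    return sorted(hits)


def safe_to_run(installer_path, names=SHADOWABLE):
    """True only when no same-named binary sits next to the installer."""
    return not find_planted_binaries(installer_path, names)


def trusted_regsvr32():
    """Absolute path a caller should use instead of the bare name."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return root + r"\System32\regsvr32.exe"


if __name__ == "__main__":
    # Constructed sample: an empty stand-in installer and a planted look-alike.
    with tempfile.TemporaryDirectory() as d:
        installer = os.path.join(d, "installer.exe")
        open(installer, "wb").close()
        print("clean directory safe:", safe_to_run(installer))
        open(os.path.join(d, "RegSvr32.EXE"), "wb").close()
        print("flagged:", find_planted_binaries(installer))
        print("use instead:", trusted_regsvr32())
```

Running the installer from a freshly created, otherwise empty directory achieves the same result as a clean scan; verifying the installer's digital signature remains a separate step.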