QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2666

Published: May 14, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

notepadplus-rb-bo(34269)

vdb-entry

x_refsource_XF

http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13

x_refsource_CONFIRM

scintilla-rb-bo(34372)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.