Notepad++ Stack-Based Buffer Overflow Vulnerability in File Drop Handler Component

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Notepad++ version 8.9.3. The issue arises in the file drop handler component when a user drags and drops a directory path that is exactly 259 characters long and has no trailing backslash. The handler appends a backslash and a null terminator to a fixed-size stack buffer without checking that the buffer has room for them, overflowing the buffer and causing the application to crash with a 'STATUS_STACK_BUFFER_OVERRUN' error.
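The boundary condition described above, as an added example that is not Notepad++'s own code: the advisory does not state the size of the destination buffer, so the example assumes a MAX_PATH-sized (260-byte) stack buffer, which makes a 259-character path the exact boundary. The first function is the missing length check; the second is a hardened copy-and-append that refuses paths for which the backslash and null terminator would not fit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption (not stated in the advisory): the destination is a fixed
 * MAX_PATH-sized stack buffer, i.e. 260 bytes including the terminating NUL.
 * With that size a 259-character path is exactly the boundary case. */
#define PATH_BUF_SIZE 260

/* True if appending a backslash and a NUL to a path of length len would
 * write past a buffer of bufsize bytes. This is the check an unchecked
 * append is missing. */
bool append_would_overflow(size_t len, size_t bufsize) {
    return len + 2 > bufsize;   /* +1 backslash, +1 NUL */
}

/* Hardened append: copy src into dst and guarantee a trailing backslash,
 * but only if the result (including the NUL) fits in bufsize.
 * Returns 0 on success, -1 on any failure; on failure dst is an empty
 * string rather than a partially written path. */
int copy_with_trailing_backslash(char *dst, size_t bufsize, const char *src) {
    if (dst == NULL || src == NULL || bufsize == 0)
        return -1;
    dst[0] = '\0';

    /* Bounded scan: refuse sources not NUL-terminated within bufsize. */
    const char *nul = memchr(src, '\0', bufsize);
    if (nul == NULL)
        return -1;
    size_t len = (size_t)(nul - src);

    bool has_sep = (len > 0 && src[len - 1] == '\\');
    size_t needed = has_sep ? len + 1 : len + 2;   /* bytes including NUL */
    if (needed > bufsize)
        return -1;

    memcpy(dst, src, len);
    if (!has_sep)
        dst[len++] = '\\';
    dst[len] = '\0';
    return 0;
}

/* Constructed sample input: a path of n 'A' characters with no trailing
 * backslash, pushed through the hardened function into a PATH_BUF_SIZE
 * buffer. Returns the resulting string length, or -1 if rejected. */
int appended_length(size_t n) {
    char src[PATH_BUF_SIZE + 16];
    char dst[PATH_BUF_SIZE];
    if (n >= sizeof src)
        return -1;
    memset(src, 'A', n);
    src[n] = '\0';
    if (copy_with_trailing_backslash(dst, sizeof dst, src) != 0)
        return -1;
    return (int)strlen(dst);
}

int main(void) {
    size_t lengths[] = { 258, 259 };
    for (size_t i = 0; i < 2; i++) {
        size_t n = lengths[i];
        printf("path length %zu: unchecked append %s; hardened append -> %d\n",
               n, append_would_overflow(n, PATH_BUF_SIZE) ? "overflows" : "fits",
               appended_length(n));
    }
    return 0;
}
```

With the assumed 260-byte buffer, a 258-character path fits after the append (259 characters plus NUL), while a 259-character path needs 261 bytes and is rejected instead of being written one byte past the end of the buffer.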

Impact

Exploitation of this vulnerability causes a reliable application crash and corrupts stack memory adjacent to the buffer. The stack security cookie detects the corruption and terminates the process, which complicates, but does not rule out, further exploitation.

Reproduction

To reproduce this vulnerability, drop a directory path of exactly 259 characters (excluding the trailing backslash) onto an open Notepad++ 8.9.3 window. This can be done by creating a directory with a long path, ensuring it meets the length requirement, and then dragging it into the Notepad++ application.

Remediation

Update to the latest version of Notepad++, in which this vulnerability has been fixed.

Added: Apr 10, 2026, 9:34 AM
Updated: Apr 10, 2026, 9:34 AM

Vulnerability Rating

Custom Algorithm

spread:          7.8
impact:          1.3
exploitability:  5.3
remediation:     7.7
relevance:       5.6
threat:          4.8
urgency:         2.9
incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.