At first I thought “oh, I wonder if my favourite text editor is affected by a similar bug, and I wonder what actions make it vulnerable.”.
Well, of turns out that the action that makes it vulnerable is installing separate malware with admin privileges. I will do my best to avert that danger, but I wouldn’t class “third party malware with admin privileges can replace part of this program with its own code” as a serious vulnerability in this software specifically.
ChairmanMeow@programming.dev 1 week ago
One of the NPP maintainers responded with:
Which I suppose is true. You could argue it is a way to persist malicious code once you do have access, but it seems unlikely and not that useful. Low severity if anything.
You’d need to have some general attack script that can adjust (or create proxies for) dlls maliciously on the fly, without prior knowledge of which dlls are encountered. Only in that case could the exe maybe detect malicious changes to the dll and stop execution. But a targeted attack using a compromised NPP distribution wouldn’t be covered with such a check.