From a small bit of skimming, sounds like it's a user escalation vector, where a low privileged user can run the installer in a contrived manner to achieve privilege escalation.
https://github.com/notepad-plus-plus/notepad-plus-plus/secur...
So for my personal install, nothing to worry about here...
Couple questions as savvy tech person but not working day-to-day in security/IT:
Would a regular home user with an old installer in their Downloads folder need to worry? (is a bad download file going to target looking for these old installers, then moving files around, etc?)
On the other hand, I could see corporate IT having the stronger case of proactively wanting to flag this installer if present on their systems.
reanimus•7mo ago
notepad0x90•7mo ago
Attackers can also use the notepad installer as a payload execution mechanism. To run your malware, just get older notepad++ installers and drop your dll after the installer is running to run it as SYSTEM.
delfinom•7mo ago
notepad0x90•7mo ago