Description of the Issue
Notepad++ is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing .xml files. By persuading a victim to open a specially crafted .xml file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Steps to Reproduce the Issue
Can be found at https://www.exploit-db.com/exploits/35589
According to the exploit report, it affects v6.6.9 but there is no indication of whether future versions of the SW are affected or if it was only this one version that was vulnerable to this attack. If the issue is resolved or no longer reproducible in the latest version, then this could be closed as fixed, but I'm not sure how the public databases can be updated with an indication that it is resolved in a future version.