mimeTools security vulnerability just published

[molsonkiko]

@donho
Have you seen this article? It claims that mimeTools has a security vulnerability associated with some corrupt PEM file.

I don't really understand much about this; the nature of the security vulnerability itself is over my head, and unfortunately the original publication of this vulnerability is written in Korean, which can't be translated by my web browser. I just wanted to make sure you knew right away.

It really sucks that the investigators just went and published the issue rather than warning you first.

[donho]

@molsonkiko
Thank you for your heads up. After reading the article attentively, it remains vague and inconsistent to me.

ASEC’s investigation revealed that the file named “certificate.pem” within the altered package contains the malicious shell code.

By "package" I guess they means the installer or zipped package. So"altered package" should mean the installer or zipped package which doesn't come from Notepad++ official website. While the package is done by a malicious 3rd party, they can modify anything, not only "mimeTools.dll", but also even "notepad++.exe" itself. So I don't see why it's a security issue of Notepad++ or MimeTools.

OTOH, if MimeTools binary is not altered and the vulnerability comes really from MimeTools, we need a PoC to fix the issue.

Let's keep this issue opened. I'll keep an eye on it.