XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related to malicious DTD files where an attacker to craft a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim's NTLM credentials.
This issue has been patched in version 2.9.0.21.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
References 4
https://github.com/microsoft/XmlNotepad/commit/3665603d61ba10b7827a3724e854748c…
security-advisories@github.com
https://github.com/microsoft/XmlNotepad/commit/c03ab2311ac6960452eb1ab49098768f…
security-advisories@github.com
https://github.com/microsoft/XmlNotepad/releases/tag/2.9.0.21
security-advisories@github.com
https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch
security-advisories@github.com