mirror of
https://github.com/notepad-plus-plus/notepad-plus-plus.git
synced 2025-07-05 13:04:42 +02:00
There's a security flaw in the un-installation entry of Notepad++ in the Windows Registry: the string is written without quotes, C:\Program Files\Notepad++\uninstall.exe, whereas it should be "C:\Program Files\Notepad++\uninstall.exe".

The reason is that a hacker can create a file called c:\program.exe; Windows could then interpret Files\Notepad++\uninstall.exe as the argument, so the system could run c:\program.exe.

Ref: https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464

Fixed by @ozone10: Fix #10191, fix #6165, close #10369
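A check for the unquoted-path condition this commit message describes, as an added example that is not part of the Notepad++ commit or code base. It goes slightly beyond the single path in the message by also handling entries that carry arguments and paths with more than one space; the sample strings are constructed, the function names are hypothetical, and finding the end of the intended executable by its `.exe` suffix is a simplifying assumption.

```python
import ntpath
import re

# Assumption: the intended executable ends at the first ".exe" that is
# followed by whitespace or the end of the string.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

# Constructed samples shaped like UninstallString registry values.
SAMPLES = {
    "unquoted": r"C:\Program Files\Notepad++\uninstall.exe",
    "quoted": r'"C:\Program Files\Notepad++\uninstall.exe"',
    "no_space": r"C:\Tools\uninstall.exe",
    "unquoted_args": r"C:\Program Files\App\uninstall.exe /S",
    "two_spaces": r"C:\Program Files\My App\un.exe",
}


def ambiguous_candidates(command):
    """Return the paths Windows may try before the intended executable.

    For an unquoted command line, process creation tests each
    space-delimited prefix in turn, appending ".exe" when the last
    path component has no extension. A quoted path has no such prefixes.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        return []
    match = EXE_END.search(cmd)
    if not match:
        return []  # outside the scope of this heuristic
    exe_path = cmd[:match.end()]
    candidates = []
    for i, ch in enumerate(exe_path):
        if ch == " " and i > 0 and exe_path[i - 1] != " ":
            prefix = exe_path[:i]
            if "." not in ntpath.basename(prefix):
                prefix += ".exe"
            candidates.append(prefix)
    return candidates


def audit(entries):
    """Map each entry name to its earlier candidates, risky entries only."""
    found = {name: ambiguous_candidates(cmd) for name, cmd in entries.items()}
    return {name: paths for name, paths in found.items() if paths}


if __name__ == "__main__":
    for name, paths in audit(SAMPLES).items():
        print(f"{name}: quote the path; earlier candidates: {paths}")
```

An entry that `audit` reports is corrected the way the commit does it: by wrapping the executable path in double quotes.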