Notepad++ 7.3.3 update fixes CIA vulnerability

Martin Brinkmann
Mar 9, 2017

The developers of the popular third-party text editor Notepad++ released version 7.3.3 which fixes a vulnerability found in the leaked Vault 7 files.

Wikileaks started to release so-called Vault 7 files the other day; a cache of confidential documents on the U.S. Central Intelligence Agency.

A list of popular software programs was found among the information that the CIA used to target computer systems.

Fine Dining documents, Fine Dining is the codename for the operation, list 24 popular applications that the CIA used to attack computer systems.

The list reads like the who is who of the free software world, as it includes Google Chrome, VLC Media Player, Firefox, Opera, Kaspersky TDSS Killer, Thunderbird, LibreOffice, Skype, and Notepad++ to name just a few.

Notepad++ 7.3.3 update

The Notepad++ vulnerability is listed on this Wikileak's page. It is said to work with portable and non-portable -- read install -- versions of the text editor.

Notepad++ loads Scintilla, a "code editing component" (and seperate project), from a DLL adjacent to its EXE called "SciLexer.dll".  This DLL exports only one funciton named "Scintilla_DirectFunction" at ordinal #1

The DLL does a lot of "set up" in ProcessAttach, so it is important to load the true DLL as soon as the hijack is loaded.

The Notepad++ team released version 7.3.3 of the text editor to patch the DLL hijack security issue in the application.

The team notes that all future versions of Notepad++ will check the certificate of the scilexer.dll file before loading it to remedy the situation. If the certificate is invalid, or entirely missing, Notepad++ won't load the DLL file and will fail to launch as a consequence.

The team notes that this won't do you any good if the entire PC is compromised as attackers may do anything they like in this case (e.g. replace the notepad executable file with a modified copy).

Users of the program are encouraged to update immediately to protect the software from potential attacks. Downloads are provided on the official Notepad++ website, or via the program's automatic update functionality if enabled. Auto-update may not be triggered right away though, so it may be better if you download the new release manually from the website instead.

The new version of Notepad++ features a couple of other changes. Those are mostly bug fixes and a handful of smaller enhancements to the program though.

Expect to see other companies release updates for their products affected by the leak in the near future.

Now You: are you concerned about the leak?


Notepad++ 7.3.3 update fixes CIA vulnerability
Article Name
Notepad++ 7.3.3 update fixes CIA vulnerability
The developers of the popular third-party text editor Notepad++ resed version 7.3.3 which fixes a vulnerability found in the leaked Vault 7 files.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Ferenn said on March 12, 2017 at 12:34 pm

    “Are you concerned about the leak?” No, because it is just one of many ways an attacker can take advantage of a compromised system. If you have malware on your system that gives an attacker remote access allowing them to replace files arbitrarily like this dll, then your system is already compromised and whatever the attacker does to actually exploit it is just a symptom of that.

    It’s good that some attention is given to this hijacking of common DLLs, and to me it just underlines why installed software should use the operating system’s protected folders for applications (C:\Program Files) instead of dropping it anywhere like local application data to avoid UAC prompts. It also underlines why you shouldn’t use portable software in an installed fashion.

  2. dan said on March 10, 2017 at 11:54 am

    If you’re using any form of modern technology–and if you’re reading this, you are–then you’ve already been hacked. The only question is to what extent, and by whom.

  3. beergas said on March 10, 2017 at 12:18 am

    Great program. Using X64 version and glad they really update regularly. Maybe since I was just installing with the basic d/l package the running program didn’t seem to work. Like now this is 7.3.3 and I was a few
    back. This this time I used the ‘full’ version installer which has a check next to the autoupdate from list of what will be included when first start the installation. Maybe will work now. Thanks for info especially since he adds the CIA, or anyone, way to hack a .dll Of course it just makes the programming bit harder to have to check for a certificate or Notepad++ will lock up Hackers have ways in anyway as author says but why not throw in a bone just for giggles.

  4. pHROZEN gHOST said on March 9, 2017 at 3:22 pm

    I have v7.3.2. I clicked the update function. It says no update is available.
    I had to go to the web site to get the update.

  5. Clairvaux said on March 9, 2017 at 11:57 am

    It’s a good thing soldiers have weapons and the CIA have their own too. Incidentally, it’s mostly the CIA that protects everybody against terrorism. This “detail” gets a bit lost in all that hand-wringing about spies doing spying, which is why we have spies.

    1. ASK_WIKI_MY_NAME said on March 9, 2017 at 3:16 pm

      No The FBI protects us from Terrorism, The CIA are the U.S.A’s Terrorist

    2. Gary D said on March 9, 2017 at 12:34 pm

      @ Clairvaux

      “it’s mostly the CIA that protects everybody against terrorism”. The CIA did a really good job in protecting the victims of the Twin Towers on 9/11 didn’t they ! Yes, I am being sarcastic !

      In the CIA, NSA, FBI and rest of the US alphabet soup agencies, the Directors are all political appointees. In other words, they do what the President orders. I suppose Trump tweets his orders to them :)

      1. Clairvaux said on March 9, 2017 at 1:20 pm

        So because the CIA failed to prevent 9/11, they shouldn’t try to clean up their act and prevent other Islamic terrorist attacks ? Brilliant logic. I hope you don’t design software.

        Of course the intelligence agencies’ heads are political appointees, and they do what the president orders, which is to protect the country. What’s your point ? Are you telling us that in your country, the president or prime minister nominates political enemies at the helm of intelligence agencies, and tells them to hand the nation to foreign hostile powers ?

      2. Tom Hawack said on March 9, 2017 at 1:11 pm

        The Directors may be political appointees but I’m afraid on the paper only. Information has always been the supreme power, that at the very top of the pyramid. If you know more than your employer, if you know more about your employer than he knows about you then the subordination scheme is theoretical only. This said I do not know what regimes have their leadership in control of their intelligence agencies and what regimes have it the other way round. Dictatorship appears then as a temptation fed by paranoia for the worst and for the best, the best being control of all, intelligence included.

        Intelligence is neither good or bad, but both. Cow-boys and Indians, simultaneously. The good guy spying the bad guy is at the same time the bad guy being spied by a good guy. The aim is not to win but to defeat your opponent and finishing second with your opponent kicked out is better than winning the race and your opponent finishing last. There are no allies but temporary agreements based on temporary common quests. Everyone spies everyone, this is the ultimate pleasure dome of paranoia. Wars are a geopolitical variable, as peace, There are no ethics. It is hell on Earth.

        Leadership is seldom hell. But intelligence always is.

    3. Tom Hawack said on March 9, 2017 at 12:07 pm

      Are you joking? Do you know how many tragedies, wars have their source in the philosophies of intelligence agencies, CIA included. “it’s mostly the CIA that protects everybody against terrorism” … you bet!

      1. Clairvaux said on March 9, 2017 at 1:10 pm

        No, this is a fact. In many cases, the work of the CIA (and, more to the case, the NSA), is what prevented you personally from being blown to smithereens by an Islamic terrorist. (I’m assuming you’re an European national. If you’re American, this goes without saying).

        When European intelligence agencies say they have thwarted an Islamic terrorist attack with the help of information provided by foreign colleagues (which happens regularly), most of the times, those colleagues are American (and in some cases, British). Of course, you won’t see Mr. Julian Assange spreading this sort of facts.

        Electronic eavesdropping is the single most effective weapon against Islamic terrorism.

        And by the way, all nations have intelligence agencies, and all of them do electronic eavesdropping. All powerful nations have cyber-warfare weapons. Funny we only get to hear about the American cyber-arsenal (which is supposed to be bad : why ?). When was the last time WikiLeaks leaked something making Russia look bad ? Or China ? Or ISIS ? Think Russia or China don’t do cyber-warfare ? Against us ? I wonder : do they use Notepad ++ ?

        So, by all means, patch Notepad ++. Just be grateful that some people risk their lives protecting yours, while they can’t boast about it, and have to silently suffer slander for it.

  6. Gary D said on March 9, 2017 at 9:46 am

    Thanks for the heads up Martin.


    Martin wrote “Auto-update may not be triggered right away”.

    Use the link which Martin provided to update !!!!

    I did.

  7. Dan82 said on March 9, 2017 at 9:21 am

    In-application update still says “No update is available”, I’m afraid.

  8. CHEF-KOCH said on March 9, 2017 at 8:20 am

    ” are you concerned about the leak?” Nope, because in xyz weeks there are new leaks that nutella causes cancer … (

    Why should anything surprise us? Popular OS/Software is always a target. The thing is that it was fixed asap and that user install the update. DLL hijack also means that you’re or the software is already infected, so the developer of this app can’t be blamed. The user install an update from untrusted sources and then you mostly get infected without any knowledge which is more dangerous.

    1. Tom Hawack said on March 9, 2017 at 11:07 am

      The question is not to know if we’re surprised but if we are, feel concerned by the leak. How not to be concerned when an application, a software we use; moreover regularly, appears in a list of CIA hacked targets?

      Who’s blaming the developers, Notepad++ namely? Not this article anyway. They corrected quickly and I hope developers of other application will follow, if applicable, if possible.

      Being surprised is another topic. With what is going on in the cyber world what surprises me nowadays is the good, not the bad. I could generalize this state of mind to life in general. Ethics, honesty have their place if a place remains vacant, and that hardly occurs.

      This is a mad, mad, mad world. Either you blind yourself to reality and enjoy your dreams either you dig, investigate and then wonder if it is still a beautiful world, as Louis Armstrong would sing it.

      1. Tom Hawack said on March 9, 2017 at 12:02 pm

        To be concerned and to be excessively worried may be two different things, and believing nothing can be done regarding a problem as a reason not to be concerned is an odd logic. Look at the developers of Notepad++, if they had your state of mind they wouldn’t have updated their application. Look at the users, if they didn’t feel concerned they wouldn’t have read this article inviting them to update their Notepad++.

        It’s not because one feels unarmed in the face of a world’s tragedies that he should believe signing a farewell to arms is the rational conclusion. Pragmatism can be a defeat when hope and determination trigger solutions considered otherwise as unrealistic.

        We are all concerned unless to consider that we have lost the game because our challenger is a Chess master, in which case defeatism fulfills our rationalism.

        This said there is indeed a global behavior of the masses, especially amid the younger generation which seems to be led by a “if you can’t beat them, join them” credo. This state of mind truly despairs me, far more then my enemies.

      2. CHEF-KOCH said on March 9, 2017 at 11:37 am

        “How not to be concerned when an application, a software we use; moreover regularly, appears in a list of CIA hacked targets?”

        Why should I be concerned if basically all popular applications are a possible target?

        You can#t do anything about it. Except vote a better government which would bring us to the point and again to the discussion privacy vs security which is still unanswered.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.