[CVE-2026-23512] There is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered.

January 15, 2026 00:00:51
The Daily Cyberspace Information

Show Notes

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.
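
A small model of why the bare file name is the problem, added here as an example (it is not SumatraPDF's code). It assumes the launch follows the CreateProcess search order, in which the application's own directory is tried before the system directory; the function names and the sample directory tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Search order documented for CreateProcess when the name has no directory part:
# application directory, current directory, system directory, 16-bit system
# directory, Windows directory, then PATH. The caller passes that list in order.

def resolve_bare_name(name, search_dirs):
    """Return the first file named `name` (case-insensitive), or None."""
    for directory in map(Path, search_dirs):
        if not directory.is_dir():
            continue
        for entry in sorted(directory.iterdir()):
            if entry.is_file() and entry.name.lower() == name.lower():
                return entry
    return None

def audit_launch(name, search_dirs, trusted_dir):
    """Compare what a bare-name launch would run with the trusted copy."""
    trusted = resolve_bare_name(name, [trusted_dir])
    picked = resolve_bare_name(name, search_dirs)
    return {"picked": picked, "trusted": trusted,
            "shadowed": picked is not None and picked != trusted}

def build_sample_tree(root):
    """Constructed layout: an install directory and a system directory."""
    app = Path(root, "SumatraPDF")
    system_dir = Path(root, "Windows", "System32")
    app.mkdir(parents=True)
    system_dir.mkdir(parents=True)
    (system_dir / "notepad.exe").write_text("system copy (constructed)")
    (app / "Notepad.EXE").write_text("unexpected copy (constructed)")
    return app, system_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        app, system_dir = build_sample_tree(root)
        print(audit_launch("notepad.exe", [app, system_dir], system_dir))
        (app / "Notepad.EXE").unlink()  # remediation: remove the stray file
        print(audit_launch("notepad.exe", [app, system_dir], system_dir))
```

Launching the system copy by its full path skips this search entirely, so a file in the installation directory can no longer be picked up.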


Episode Transcript

[CVE-2026-23512] There is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered.

Description: SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.

Impact: It is an Untrusted Search Path vulnerability. To fix this vulnerability, the way notepad.exe is searched for in sumatrapdf/src/AppTools.cpp should be changed.
