Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.
An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.
TIL notepad can render markdown
The addition of markdown support is what opened this vulnerability, iirc.
Why does the notepad app do anything but edit text?
Feature creep.
Creature feep
Well, it was bad at that too. Until they vibe-coded it to a Wordpad2.
Damn, poor windows users… Just kidding lmao
I hate the absolute misuse of the RCE definition. An RCE used to not have any user interaction.
Jesus, WOW
8.8 CVSS
Vibecoding (and Resumé-driven dev) doing it’s thing.
Btw, Metapad is still around and portable. And so are Notepad 2/3/4/++.
Well notepad++ hasn’t been looking great https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Is there a non-sense free description.
So far, i learned that notepad can open links from Markdown. I assume Markdown calls some Windows API open(link) where link is any string. That’s hardly a vulnerability by itself, that’s working as designed.
Where does the code execution happen? Is it open(https://hackersite.com/exploite.exe)? Can’t be. They’re not that stupid.
Is it open(file:///PowerShell.exe?atbitaryCodeHere)? Who would allow this?
Or open(teams://magic/doThing)?
This sounds like trying to blame notepad (and by proxy all app developers) for a design flaw in the ecosystem
Btw, ycombinator supports no activitypub? I think it would fit well.
