Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.
An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.
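A defensive check for the behaviour the advisory describes, as an added example that is not part of the original post or of the vendor's fix: it lists Markdown link targets whose URI scheme falls outside an allowlist. The allowlist, the function name `flag_links` and the sample document with its made-up schemes are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: schemes acceptable to hand to the OS; tune per environment.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Inline links/images: [text](target "title")
INLINE = re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)")
# Autolinks: <scheme:rest>
AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>")
# Reference definitions: [id]: target
REFDEF = re.compile(r"^[ \t]{0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)", re.M)


def flag_links(markdown: str):
    """Return sorted (line, target, scheme) for targets outside the allowlist.

    Relative targets (no scheme) are skipped; they are not protocol launches.
    """
    findings = set()
    for pattern in (INLINE, AUTOLINK, REFDEF):
        for m in pattern.finditer(markdown):
            target = m.group(1)
            try:
                scheme = urlsplit(target).scheme  # urlsplit lower-cases it
            except ValueError:
                scheme = "<unparseable>"  # treat malformed targets as suspect
            if scheme and scheme not in ALLOWED_SCHEMES:
                line = markdown.count("\n", 0, m.start(1)) + 1
                findings.add((line, target, scheme))
    return sorted(findings)


# Constructed sample document; the non-web schemes are invented placeholders.
SAMPLE = """\
# Release notes
See the [changelog](https://example.com/changelog) and [setup](docs/setup.md).
Click [here](example-proto://host.invalid/run "Install") to install.
Contact <mailto:team@example.com> or <EXAMPLE-PROTO:open?x=1>.
[ref]: other-proto:launch
"""

if __name__ == "__main__":
    for line, target, scheme in flag_links(SAMPLE):
        print(f"line {line}: scheme '{scheme}' not allowed -> {target}")
```
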
TIL notepad can render markdown
The addition of markdown support is what opened this vulnerability, iirc.
I hate the absolute misuse of the RCE definition. An RCE used to not have any user interaction.
Damn, poor windows users… Just kidding lmao
Btw, ycombinator supports no activitypub? I think it would fit well.
8.8 CVSS
Vibecode doing its thing.
Well notepad++ hasn’t been looking great https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Jesus, WOW



