"Windows Notepad App Remote Code Execution Vulnerability"

@lmorchard @catsalad if it was a local vulnerability, I’d probably think “yeah, that can happen to any app due to a library”, but a basic text editor should not have any remote capabilities.

@lmorchard @catsalad @waynedixon it mentions "trick the user into clicking a markdown link"

@tiotasram @lmorchard @catsalad and some people wonder why I don't jump into every single new technology and stick with something that people consider "antiquated"....

@lmorchard lol. *tabs back to vim*

@lmorchard At this point, if your program can't work without Internet access, it's broken. "But the Web-" Idgaf. Shut it down.

@lmorchard i taught a secretarial word processing class on exactly that setup in 1984 or 1985.

The old lady teaching a Wang VS word processing class down the hall sneered.

Apple is still around. Wang... ain't.

@tiotasram@kolektiva.social @lmorchard@masto.hackers.town @catsalad@infosec.exchange @waynedixon@mastodon.social honestly starting to wonder why this is a vuln and what they fixed

I'm assuming it's launching URIs through the Windows handler for them, and you'd get the same results passing the same URI into the Run dialog?

although Notepad supporting rich text including Markdown is a choice, and not one I would've made, but.