Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.
An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.
TIL notepad can render markdown
The addition of markdown support is what opened this vulnerability, iirc.
Jesus, WOW
Damn, poor windows users… Just kidding lmao
Why does the notepad app do anything but edit text?
Feature creep.
Creature feep
They added markup so now links work.
Well, it was bad at that too. Until they vibe-coded it to a Wordpad2.
I hate the absolute misuse of the RCE definition. An RCE used to not have any user interaction.
8.8 CVSS
Redsumé-driven dev doing it’s thing.
Well notepad++ hasn’t been looking great https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Is there a non-sense free description.
So far, i learned that notepad can open links from Markdown. I assume Markdown calls some Windows API open(link) where link is any string. That’s hardly a vulnerability by itself, that’s working as designed.
Where does the code execution happen? Is it open(https://hackersite.com/exploite.exe)? Can’t be. They’re not that stupid.
Is it open(file:///PowerShell.exe?atbitaryCodeHere)? Who would allow this?
Or open(teams://magic/doThing)?
This sounds like trying to blame notepad (and by proxy all app developers) for a design flaw in the ecosystem
