User interaction required was listed on the MSRC source, but that’s also where “RCE” came from too.
Comment on A remote code execution vulnerability has been found in Microslop Notepad
Linearity@infosec.pub 5 days ago
I read on a Mastodon thread that it isn’t actually an RCE vuln.
You have to open a .md in Notepad for it to
m4ylame0wecm@lemmy.zip 5 days ago
surewhynotlem@lemmy.world 5 days ago
I HATE that the industry started calling these RCE (specifically “passive” RCE). It really muddies the waters.
This isn’t a normal RCE where an attacker can remotely connect in and execute code. Those are very serious.
This is a passive RCE. Basically code injection from inappropriately parsing a file. And it doesn’t need to be remote. You can use a local file.
Nighed@feddit.uk 4 days ago
That’s the opposite of how I would understand it though. If you said a passive RCE I would understand that as it being run without me doing anything - in this case, just having Notepad open making me vulnerable.