Comment on A remote code execution vulnerability has been found in Microslop Notepad
surewhynotlem@lemmy.world 5 days agoI HATE that the industry started calling these RCE (specifically “passive” RCE). It really muddies the waters.
This isn’t a normal RCE where an attacker can remotely connect in and execute code. Those are very serious.
This is a passive RCE. Basically code injection from inappropriately parsing a file. And it doesn’t need to be remote. You can use a local file.
Nighed@feddit.uk 4 days ago
That’s the opposite of how I would understand it though. If you said a passive RCE I would understand that as it being run without me doing anything - in this case, just having notepad open making me vulnerable.