Comment on A remote code execution vulnerability has been found in Microslop Notepad
ClassyHatter@sopuli.xyz 17 hours agoAs I understood it, there can be specifically crafted links in Markdown documents, which, when clicked, will download a file and then execute it.
kernelle@lemmy.dbzer0.com 14 hours ago
RCE means exactly this, the ability to run any code on a remote device (the one running notepad).
It’s a parsing issue. I’ve encountered the same writing an MD parser for a website, not as trivial to solve as it seems. For a multi billion dollar company this is hilariously stupid. Why do I get the feeling someone vibecoded this entire implementation.
Truscape@lemmy.blahaj.zone 13 hours ago
'cause they did, mate.
regedit@lemmy.zip 12 hours ago
They admitted, IIRC, that they fired a bunch of devs and then used gen-AI to write code. I think I have a comment from last year around this time that this was gonna happen, including data breaches on a massive scale, when companies were openly touting this tactic. It’s only getting started.