Is there a non-sense free description.

So far, i learned that notepad can open links from Markdown. I assume Markdown calls some Windows API open(link) where link is any string. That’s hardly a vulnerability by itself, that’s working as designed.

Where does the code execution happen? Is it open(hackersite.com/exploite.exe)? Can’t be. They’re not that stupid.

Is it open(file:///PowerShell.exe?atbitaryCodeHere)? Who would allow this?

Or open(teams://magic/doThing)?

This sounds like trying to blame notepad (and by proxy all app developers) for a design flaw in the ecosystem