Comment on Microsoft's Notepad Got Pwned (They Added AI To It, So...)
pycorax@sh.itjust.works 1 week ago
Isn’t the point of a RCE that the user doesn’t need to click and run the malicious code? What makes this different from the user opening a site on a browser which is filled with links?
thisbenzingring@lemmy.today 1 week ago
the browser knows its opening links and has a code base on how to do that
notepad isn’t suppost to fetch data when the file it opens contains code that acts like a link
pycorax@sh.itjust.works 1 week ago
Does it not invoke the browser to do it? The article and associated pages don’t really go into how the whole flow it works.
Kazumara@discuss.tchncs.de 6 days ago
It uses a more generic shell linking method, that doesn’t just load web URLs but also file paths, including to executables.
news.ycombinator.com/item?id=46971516
thisbenzingring@lemmy.today 1 week ago
nvd.nist.gov/vuln/detail/CVE-2026-20841 this page would contain the best details on the CVE, there is a link to a forum discussing it
I don’t know for sure but I suspect it is like many of the other types of exploits where someone makes a normal looking URL but inside of it hides conditions that makes whatever is inspecting the URL to know that it should open in the web browser do something before it open the web browser. but before it does it it tells it to download some code and run it and that code then hijacks your “system” because the system service is running the code