@woeisme @solonovamax
Back in the day, we had exactly the same with email. Like a text file in notepad, emails were so simple that they could not contain a virus (you could attach one, but attachments didn't do anything, you could just save them).
Then Microsoft introduced Outlook and Outlook Express, and for a while, email viruses were the most common kind.
@solonovamax "An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
Why have they made their plaintext editor render markdown??
I've tried it, it's ugly, and doesn't blend well with actually editing the file. Couldn't they just do syntax highlighting?!
@Kiloku
I prefer the Markdown approach to how Apple just turned their text editor into a straight Word Processor without an easy way to do unformatted text anymore. Still, Microsoft shouldn't be feature-cramming Notepad of all programs!
At least the new Microsoft "Edit" is an OK text editor...
@solonovamax
Basically, it's effectively a shell injection via markdown-formatted hyperlinks.
@solonovamax A decade ago, if you told IT security people that this would happen, you'd have been laughed out of the room.
1985, it released with Windows 1.0.
1990, the Windows 3.0 version added a Help menu.
I think it basically was unchanged until Windows 10 when they decided it'd be a good idea to support Unix line endings. There might've been file size limit increases in that time too… but the UI was basically unchanged.
Then some bright spark decided it needed AI.
@solonovamax @stuartl I went and tried to find if there's ever been a prior CVE for notepad and came up empty.
So decent odds that this is the first CVE Windows Notepad has ever had.
That's an accomplishment, just not of the good kind.
@StryderNotavi @solonovamax Not surprising, the only way you could achieve a CVE back then would be to make someone open a nasty text file.
Given it used to throw its hands up in the air beyond a megabyte or two, that was a tall order. Maybe DDE had a vector, but I doubt it.
It was fine for 40 years… 40! Then, they decided it was due for its mid-life crisis with CVE-inducing network features.
@solonovamax For those who are curious, there's a JavaScript VM where you can play around with these in your browser:
https://www.pcjs.org/software/pcx86/sys/windows/1.00/ is what Notepad first looked like… you can run it by double-clicking the `NOTEPAD.EXE` in the MS-DOS Executive window once Windows 1.0 has booted.
https://www.pcjs.org/software/pcx86/sys/windows/3.00/ is the form that most people here would have seen it in. You'll find Notepad under Accessories. Windows 3.0 introduced an online help feature, hence the new "Help" menu.
It basically was unchanged from there. A few years later, it became 32-bit, but still looked and worked the same. Sadly, they do not have a Windows NT 3.1 image on that site, but they have Windows 95 there:
https://www.pcjs.org/software/pcx86/sys/windows/win95/4.00.950/
(Blows my mind actually that Windows 95 can run in a web browser today… but here we are.)
I seem to recall the Windows 7 one looked pretty much identical. It did its job, until the day it didn't.