So Notepad now renders links, and then, when clicked, executes the code on those links (not just loading a website in a browser, for example)?

My assumption here is that if the link is a web link, it will open that link in a web browser, but Windows (and other OSes) have custom URL handlers that open whatever app is registered for that URL, and that app may have issues that cause it to download and run arbitrary code.

Windows and other OSes have application launchers that open whatever app you want, and those apps may have issues that cause them to download and run arbitrary code. If that's the logic here, then every application launcher is vulnerable to similar RCE.

If there's really nothing more to this 8.8 RCE CVE than that, this will finally be the thing that makes me blackhole cve.org.

I'm at work, on a work computer, so can't fully test, but yes.

I saved this as test.md, opened it in notepad, clicked the link, and it popped open a command line:

[Click me](C:/Windows/System32/cmd.exe)

Can definitely go further than this; just a quick test.

To be fair, though, it's not just a click -> open/run. The user has to `ctrl+click` and will see the source of the link (at least I do).
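
For anyone triaging Markdown files in light of the behaviour described in this thread, here is an added example (not code from any poster here) that lists inline links whose target is a local/UNC path, a `file:` URL or a non-web URI scheme. The function names, the `exampleapp:` scheme and the sample document are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Inline Markdown links: [text](target) or [text](target "title")
LINK_RE = re.compile(r'\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)')
# Drive-letter paths (C:/ or C:\) and UNC-style paths (\\host or //host)
LOCAL_PATH_RE = re.compile(r'^(?:[A-Za-z]:[\\/]|\\\\|//)')
WEB_SCHEMES = {"http", "https"}
FLAGGED = {"local-or-unc-path", "custom-scheme"}

def classify(target):
    """Return a coarse category for a link target."""
    # Check paths first: urlsplit would read "C:/..." as scheme "c".
    if LOCAL_PATH_RE.match(target):
        return "local-or-unc-path"
    scheme = urlsplit(target).scheme.lower()
    if scheme in WEB_SCHEMES:
        return "web"
    if scheme == "file":
        return "local-or-unc-path"
    if scheme:
        return "custom-scheme"   # handed to whatever app registered it
    return "relative"            # e.g. "#anchor"; not flagged here (assumption)

def audit(markdown):
    """Return (line_no, link_text, target, category) for flagged links."""
    findings = []
    for line_no, line in enumerate(markdown.splitlines(), 1):
        for text, target in LINK_RE.findall(line):
            kind = classify(target)
            if kind in FLAGGED:
                findings.append((line_no, text, target, kind))
    return findings

# Constructed sample document; line 3 is the test link quoted in the thread.
SAMPLE = """\
# Notes (constructed sample)
See [the docs](https://example.com/guide "Guide") first.
[Click me](C:/Windows/System32/cmd.exe)
[Run](file:///C:/Temp/run.bat)
[Open in app](exampleapp://open?item=1)
[Jump](#details)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: [%s](%s) -> %s" % finding)
```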