WingNews logo WingNews
top | item 46973180

(no title)

fhd2 | 18 days ago

> Anyway, it's not related to CoPilot, but because Notepad makes links clickable now...

True, not related to CoPilot, but if I understand your conclusion right (which I'm not sure about), it's not _just_ that links are clickable now, it's because Notepad actually does something with the links. Otherwise it'd be a browser vulnerability, and Notepad couldn't seriously be blamed.

discuss

order

LiamPowell|18 days ago

It's in fact the opposite. Browsers show a popup that asks if you really intended to click a link with a non http/https handler, notepad does not.

The actual RCE here would be in some other application that registers a URL handler. Java used to ship one that was literally designed to run arbitrary code.

fhd2|18 days ago

Ah, got it. Very different from where I suspected the issue then.