Hacker News

mjmas today at 10:32 AM

It is to do with link handling:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

> An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.


Replies

BLKNSLVR today at 11:42 AM

> It is to do with link handling:

Notepad? Link handling?

That's like my pencil having a CVE that's to do with how it loads the ink. That old saying about 'if Microsoft built a car' is more true now than it was then: https://www.snopes.com/fact-check/car-balk/

gcr today at 1:13 PM

What does “unverified protocols” mean? Does Windows have an exe:// url scheme that fetches and runs executable binaries or something?

graemep today at 1:36 PM

Is this a big deal? Is it also not a problem with anything that renders clickable links? Browsers, email clients, whatever.

Is this not a problem with anything that offers a preview of markdown (or HTML, or anything with embedded links)?
