Zerush@lemmy.ml to Open Source@lemmy.ml · 7 hours agoLibreOffice learns to speak Markdown in version 26.2www.theregister.comexternal-linkmessage-square13fedilinkarrow-up1198arrow-down10
arrow-up1198arrow-down1external-linkLibreOffice learns to speak Markdown in version 26.2www.theregister.comZerush@lemmy.ml to Open Source@lemmy.ml · 7 hours agomessage-square13fedilink
minus-squarejdnewmil@lemmy.calinkfedilinkarrow-up15·6 hours agoHow in the world did they manage that? Did they implement it internally as a TCP API and expose it?
minus-squarewarmaster@lemmy.worldlinkfedilinkarrow-up11·4 hours agoIt was like: Hey Copilot, add Markdown support in Word Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.
minus-squarejol@discuss.tchncs.delinkfedilinkarrow-up1·3 hours agoThey probably vibe coded it, and only copilot reviewed and merged the code.
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up21·6 hours agoI don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
minus-squareBig Baby Thor@sopuli.xyzlinkfedilinkarrow-up13·5 hours agoBasically Notepad would pass the link to ShellEx and could launch executables.
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?
It was like:
They probably vibe coded it, and only copilot reviewed and merged the code.
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
Basically Notepad would pass the link to ShellEx and could launch executables.