Zerush@lemmy.ml to Open Source@lemmy.ml · 8 hours agoLibreOffice learns to speak Markdown in version 26.2www.theregister.comexternal-linkmessage-square13fedilinkarrow-up1206arrow-down10
arrow-up1206arrow-down1external-linkLibreOffice learns to speak Markdown in version 26.2www.theregister.comZerush@lemmy.ml to Open Source@lemmy.ml · 8 hours agomessage-square13fedilink
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up38·7 hours agoHopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
minus-squarejdnewmil@lemmy.calinkfedilinkarrow-up15·7 hours agoHow in the world did they manage that? Did they implement it internally as a TCP API and expose it?
minus-squarewarmaster@lemmy.worldlinkfedilinkarrow-up12·5 hours agoIt was like: Hey Copilot, add Markdown support in Word Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up21·7 hours agoI don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
minus-squareBig Baby Thor@sopuli.xyzlinkfedilinkarrow-up13·7 hours agoBasically Notepad would pass the link to ShellEx and could launch executables.
minus-squarejol@discuss.tchncs.delinkfedilinkarrow-up1·4 hours agoThey probably vibe coded it, and only copilot reviewed and merged the code.
Hopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?
It was like:
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
Basically Notepad would pass the link to ShellEx and could launch executables.
They probably vibe coded it, and only copilot reviewed and merged the code.