Zerush@lemmy.mlcake to Open Source@lemmy.ml · 2 months agoLibreOffice learns to speak Markdown in version 26.2www.theregister.comexternal-linkmessage-square13linkfedilinkarrow-up1327arrow-down10cross-posted to: libreoffice@discuss.tchncs.de
arrow-up1327arrow-down1external-linkLibreOffice learns to speak Markdown in version 26.2www.theregister.comZerush@lemmy.mlcake to Open Source@lemmy.ml · 2 months agomessage-square13linkfedilinkcross-posted to: libreoffice@discuss.tchncs.de
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up57·2 months agoHopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
minus-squarejdnewmil@lemmy.calinkfedilinkarrow-up22·2 months agoHow in the world did they manage that? Did they implement it internally as a TCP API and expose it?
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up33·2 months agoI don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
minus-squareBig Baby Thor@sopuli.xyzlinkfedilinkarrow-up21·2 months agoBasically Notepad would pass the link to ShellEx and could launch executables.
minus-squarewarmaster@lemmy.worldlinkfedilinkarrow-up29arrow-down1·2 months agoIt was like: Hey Copilot, add Markdown support in Word Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.
minus-squarejol@discuss.tchncs.delinkfedilinkarrow-up5·2 months agoThey probably vibe coded it, and only copilot reviewed and merged the code.
Hopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
Basically Notepad would pass the link to ShellEx and could launch executables.
It was like:
They probably vibe coded it, and only copilot reviewed and merged the code.