LibreOffice learns to speak Markdown in version 26.2
www.theregister.com
Zerush@lemmy.ml to Open Source@lemmy.ml · 3 months ago
cross-posted to: libreoffice@discuss.tchncs.de

Classy Hatter@sopuli.xyz · 3 months ago
Hopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.

jdnewmil@lemmy.ca · 3 months ago
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?

Classy Hatter@sopuli.xyz · 3 months ago
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.

Big Baby Thor@sopuli.xyz · 3 months ago
Basically Notepad would pass the link to ShellEx and could launch executables.

warmaster@lemmy.world · 3 months ago
It was like:
Hey Copilot, add Markdown support in Word
Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.

jol@discuss.tchncs.de · 3 months ago
They probably vibe coded it, and only Copilot reviewed and merged the code.