Comment by consp
1 day ago
> viewing data is a fundamental failure of the principle of least privilege.
I read the cwe not cve, was wrong. It's still early in the morning...
1 day ago
> viewing data is a fundamental failure of the principle of least privilege.
I read the cwe not cve, was wrong. It's still early in the morning...
You are mistaken:
> The malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user.
> If I read it correctly (but could be mistaken), it runs with setuid root
I am certain you are mistaken. I couldn't find anything that hints at notepad running with elevated privileges.
People very often run notepad as administrator (anything launched from administrative powershell instances will run like this).
In fact, if you enabled developer mode on your computer there's a registry key that gets set to run notepad as admin, it's: `runas /savecred /user:PC-NAME\Administrator “notepad %1”` in HKEY_CLASSES_ROOT-> * -> shell -> runas (new folder) -> (Default)
And, if I'm not totally mistaken, notepad also has the ability to reopen files as administrator, but I don't remember how to invoke it.
Regardless, notepad is a very trusted application and is often run as Administrator. Often it's more trusted than any other utility to modify system files.
> And, if I'm not totally mistaken, notepad also has the ability to reopen files as administrator, but I don't remember how to invoke it.
I think that's a notepad plus plus feature. I had it offer to reopen itself as administrator when editing system files like HOSTS.
> Regardless, notepad is a very trusted application and is often run as Administrator.
Sorry to say this, but Notepad was a very trusted application now. I cannot believe that such a core utility has a 8.8 CVE, it sounds like a joke tbh.
1 reply →