Comment by xxs
2 days ago
clicking links should not be a security issue and yes the CVE is totally deserved: that's remote code execution.
2 days ago
clicking links should not be a security issue and yes the CVE is totally deserved: that's remote code execution.
How is the code execution remote?
It's remote from the attacker point of view. It allows to remote execute the code the attacker provided.
It'd be the same to upload a file to a web server that gets to be run by the said web server, except this time it's done with "notepad.exe"