I really hate that every Markdown engine has its own flavor, and I hope for better standardization.
There is CommonMark, but it is lacking features like tables. https://commonmark.org/
Hopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?
It was like:
Hey Copilot, add Markdown support in Word
Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.
They probably vibe-coded it, and only Copilot reviewed and merged the code.
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
Basically Notepad would pass the link to ShellEx and could launch executables.
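
On the link-handling point in the last comment, an added example (not part of the thread and not Notepad's code): one way a Markdown renderer can check a link target against a scheme allowlist before handing it to the OS opener. The names `ALLOWED_SCHEMES`, `extract_links`, `is_safe_to_open` and `audit`, and the sample document, are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: only these schemes are ever handed to the OS opener.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Inline links of the form [text](target "title"); reference-style links are not covered.
INLINE_LINK = re.compile(r"\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)")

def extract_links(markdown):
    """Return (text, target) pairs for inline Markdown links."""
    return [(m.group(1), m.group(2)) for m in INLINE_LINK.finditer(markdown)]

def is_safe_to_open(target):
    """True only for http(s) URLs with a host, or mailto: with a recipient."""
    # Drop whitespace and control characters that could hide the real scheme.
    cleaned = "".join(ch for ch in target.strip() if ch.isprintable())
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return False
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # Rejects file:, custom protocol handlers, drive paths ("c" parses as a
        # scheme) and UNC/relative paths (empty scheme).
        return False
    if scheme == "mailto":
        return bool(parts.path)
    return bool(parts.netloc)

def audit(markdown):
    """Return (target, allowed) for every inline link in the document."""
    return [(t, is_safe_to_open(t)) for _, t in extract_links(markdown)]

# Constructed sample document; none of these targets come from the thread.
SAMPLE = r"""
See the [spec](https://commonmark.org/) or [mail us](mailto:docs@example.com).
[local tool](file:///C:/Users/Public/tool.exe)
[share](\\fileserver\share\setup.exe)
[handler](example-handler://run?arg=1)
[drive path](C:\Tools\update.exe)
"""

if __name__ == "__main__":
    for target, allowed in audit(SAMPLE):
        print("OPEN " if allowed else "BLOCK", target)
```

The check is default-deny: anything that does not parse to an allowlisted scheme is shown as plain text or blocked instead of being passed to the shell.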





