Zerush@lemmy.mlcake to Open Source@lemmy.ml · 2 months agoLibreOffice learns to speak Markdown in version 26.2www.theregister.comexternal-linkmessage-square7linkfedilinkarrow-up14arrow-down10
arrow-up14arrow-down1external-linkLibreOffice learns to speak Markdown in version 26.2www.theregister.comZerush@lemmy.mlcake to Open Source@lemmy.ml · 2 months agomessage-square7linkfedilink
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up0·2 months agoHopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
minus-squarejdnewmil@lemmy.calinkfedilinkarrow-up1·2 months agoHow in the world did they manage that? Did they implement it internally as a TCP API and expose it?
minus-squarejol@discuss.tchncs.delinkfedilinkarrow-up1·2 months agoThey probably vibe coded it, and only copilot reviewed and merged the code.
minus-squarewarmaster@lemmy.worldlinkfedilinkarrow-up1·2 months agoIt was like: Hey Copilot, add Markdown support in Word Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up0·2 months agoI don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
minus-squareBig Baby Thor@sopuli.xyzlinkfedilinkarrow-up1·2 months agoBasically Notepad would pass the link to ShellEx and could launch executables.
Hopefully it doesn’t have any Remote Code Execution vulnerabilities, like Microslop’s implementation had.
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?
They probably vibe coded it, and only copilot reviewed and merged the code.
It was like:
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
Basically Notepad would pass the link to ShellEx and could launch executables.