Zerush@lemmy.ml to Open Source@lemmy.ml · 2 months agoLibreOffice learns to speak Markdown in version 26.2www.theregister.comexternal-linkmessage-square7linkfedilinkarrow-up14arrow-down10
arrow-up14arrow-down1external-linkLibreOffice learns to speak Markdown in version 26.2www.theregister.comZerush@lemmy.ml to Open Source@lemmy.ml · 2 months agomessage-square7linkfedilink
minus-squarejdnewmil@lemmy.calinkfedilinkarrow-up1·2 months agoHow in the world did they manage that? Did they implement it internally as a TCP API and expose it?
minus-squarejol@discuss.tchncs.delinkfedilinkarrow-up1·2 months agoThey probably vibe coded it, and only copilot reviewed and merged the code.
minus-squarewarmaster@lemmy.worldlinkfedilinkarrow-up1·2 months agoIt was like: Hey Copilot, add Markdown support in Word Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.
minus-squareClassy Hatter@sopuli.xyzlinkfedilinkarrow-up0·2 months agoI don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
minus-squareBig Baby Thor@sopuli.xyzlinkfedilinkarrow-up1·2 months agoBasically Notepad would pass the link to ShellEx and could launch executables.
How in the world did they manage that? Did they implement it internally as a TCP API and expose it?
They probably vibe coded it, and only copilot reviewed and merged the code.
It was like:
I don’t know the technicalities, but Markdown supports links, and it’s possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.
Basically Notepad would pass the link to ShellEx and could launch executables.