Hacker News

shakna, today at 3:19 AM (1 reply)

That's not the case here.

Web browsers warn you about opening arbitrary protocols. And you have to select the program that will open it.

This Notepad vuln allows you to click things like ssh://x....


Replies

Rohansi, today at 5:10 AM

> This Notepad vuln allows you to click things like ssh://x....

Which just opens up SSH connecting to a server. Is that really RCE?

It'll also only work with URI schemes that are registered on your system. It's not running arbitrary commands - software you install on your PC registers URI schemes and sets what command it should run when opened. It's then up to that software to parse the URI and handle it properly. If it doesn't then the RCE belongs to them because they registered the URI scheme and failed to handle it securely. Having an allowlist of URI schemes in Notepad isn't going to fix it.

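As an added example (not from either commenter, and not part of any Notepad advisory), here is a PowerShell snippet that lists the URI schemes registered on a Windows machine and the command line each one runs, so you can see exactly what clicking an ssh:// or similar link would launch. It follows the registry layout Microsoft documents for protocol handlers: a key under the Classes hive named after the scheme, an empty "URL Protocol" value marking it as a scheme, and a shell\open\command subkey whose default value is the command, with "%1" replaced by the full URI. The "UnquotedArg" heuristic is an assumption of mine: it only flags a bare, unquoted %1, which is the pattern where handler-side argument injection usually starts.

```powershell
# Added example: enumerate registered URI scheme handlers on Windows.
# HKEY_CLASSES_ROOT is a merged view of these two hives; per-user entries
# (HKCU) take precedence over machine-wide ones (HKLM).
$hives = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes',
    'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
)

$handlers = foreach ($hive in $hives) {
    Get-ChildItem -Path $hive -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue

        # Only keys that carry the (empty) "URL Protocol" value are URI schemes;
        # everything else under Classes is file types, ProgIDs, CLSIDs, etc.
        if ($null -ne $props -and ($props.PSObject.Properties.Name -contains 'URL Protocol')) {
            $cmdKey = "$($key.PSPath)\shell\open\command"
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'

            [pscustomobject]@{
                Scheme      = $key.PSChildName
                Hive        = (($hive -split '\\')[0]) -replace '^Registry::', ''
                Command     = $cmd
                # Heuristic (assumption): a %1 that is not wrapped in quotes lets a
                # crafted URI containing spaces or switches be split into extra
                # arguments by the launched program. Quoted "%1" is not flagged.
                UnquotedArg = ($null -ne $cmd -and $cmd -match '(^|\s)%1(\s|$)')
            }
        }
    }
}

$handlers | Sort-Object Scheme, Hive | Format-Table -AutoSize
```

Run it in a normal (non-elevated) session to see what a link clicked under your own account would resolve to. Two caveats: on current Windows versions the user's chosen default for a scheme can also be recorded under HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\<scheme>\UserChoice, which this listing does not consult, and an unquoted %1 is only a hint that the handler deserves a closer look, not proof that it mishandles the URI.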