Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

clicking links should not be a security issue and yes the CVE is totally deserved: that's remote code execution.


How is the code execution remote?


It's remote from the attacker point of view. It allows to remote execute the code the attacker provided.

It'd be the same to upload a file to a web server that gets to be run by the said web server, except this time it's done with "notepad.exe"




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: