@HereToChewGum If you want an explanation, bloody ask for one. Quoting text your interlocutor went through is a passive aggressive insult at best.
Especially given how you evidently didn’t put even a shred of effort into reading the damn CVE and its sources yourself.
It’s not triggered over the network. Read the fine print!
Are you using Grok to talk to me or something?
@HereToChewGum Read the details. There’s no remote execution capability, but rather a user can be tricked into executing code from a remote source.
RCE, as I understand it, doesn’t involve user interaction. This is an ACE, but not an RCE.
> How could an attacker exploit this vulnerability?
>
> An attacker could _trick a user into clicking a malicious link_ inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.
That’s not an RCE, is it?
