The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor.
The Google Project Zero researcher Tavis Ormandy announced the discovery of a code execution flaw in Microsoft’s Notepad text editor.
Ormandy reported the issue to Microsoft and will wait 90 days according to Google vulnerability policy disclosure before revealing technical details of the flaw.
Of course, Ormandy could also disclose the details of the vulnerability after Microsoft will release a security patch to address the issue.
Ormandy anticipated that the vulnerability is a memory corruption bug and he shared via Twitter an image that demonstrates how to manage a “pop a shell in Notepad.”
The image posted by Ormandy shows that the vulnerability has been exploited to launch a Command Prompt, the expert confirmed he has already developed a “real exploit” for the issue.
A message published by Chaouki Bekrar, founder of zero-day broker Zerodium, confirms that the type of issue found by the Google white hat hacker is not uncommon to find. The real surprise, according to Chaouki Bekrar, is to find an expert that report it to Microsoft instead of exploiting it or attempt to sell it.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.