03 Jun Researcher Exploits Microsoft’s Notepad to ‘Pop a Shell’
Google Project Zero researcher unearths a bug in Microsoft’s Notepad Windows application.
A memory corruption bug in the Microsoft’s Windows Notepad application can be used to open remote shell access – typically a first step for attackers infiltrating a system.
The bug was found by Tavis Ormandy, a bug hunter with Google’s Project Zero team. In a tweet he indicated that the bug was tied to a memory corruption flaw in Notepad, a basic text editor that has shipped on all versions of Windows since 1985.