According to Threatpost reports , Google's Project Zero team has been successful in Notepad (Windows Notepad) is converted into the entrance of a complete system access.
The team's Tavis Ormandy discovered in Notepad memory corruption vulnerability that allows a hacker to use certain malformed file, so that the software provides remote access to Shell - which means that a hacker could completely take over the system.
Specific details of the problem has not been revealed, Travis representation has notified Microsoft, Microsoft has up to 90 days to fix the problem before the vulnerability disclosure.
"Notepad attack surface exposed to very little, but it's still enough to allow an attacker to run arbitrary code", White Note founder Dan Kaminsky said, we can not because a simple notepad, I felt sure it was safe.
At the same time, also informed the researchers point out, the hacker before opening the file, you need to get goals in Notepad. In addition to the deprecated IE 11, this does not occur in general. "After today's release of IE mitigation measures, unless sitting in front of the computer, or you can not start Notepad on the system", Kaminsky explained.
It is worth mentioning that Notepad is a lot of commonly used software developers - after all, it seems to be open unknown file the most convenient and secure way. But now it seems that this practice is "safe", may have to make a question mark.
Reference: MSPoweruser , cnBeta