Notepad RCE - CVE-2026-20841

TLDR: POC at the bottom. It is actually pretty simple.

Intro

Recently, Microsoft updated Notepad, and at some point in 2025 it gained the ability to render Markdown files. Poking around, I played a bit with this functionality when I first noticed it. I looked mostly into the link feature, as this is something a lot of Markdown renderers on the web get wrong, and it can have an impact. I noticed pretty fast that when a user clicks a link (Ctrl+Click), the default browser opens instantly, without a confirmation pop-up (as is common in web browsers). Using a URI scheme other than HTTP, like ms-calculator:// or steam://, also opens the respective applications without confirmation. ...

2026-02-25 · 5 min · Hiumee
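Because the intro above says a Ctrl+Click on a link hands any URI scheme to its registered application without a prompt, a reviewer may want to list the schemes a Markdown file links to before opening it. The following is an added example, not code from the original post: the allowlist, the function names and the sample document are assumptions made for illustration.

```python
import re

# Assumption: schemes this reviewer accepts as ordinary web/mail links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

INLINE = re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)")            # [text](target)
REFDEF = re.compile(r"^\s{0,3}\[[^\]]+\]:\s*<?([^\s>]+)")       # [id]: target
AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^\s>]+)>")   # <scheme:...>
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")             # RFC 3986 scheme

# Constructed sample document; only the two non-HTTP schemes come from the post.
SAMPLE = """\
# Release notes
See the [changelog](https://example.com/changelog) and [docs](docs/setup.md).
Open the [calculator](ms-calculator://) or [launcher](steam://).
Contact <mailto:team@example.com> or <STEAM://>.
[ref]: ms-calculator://
"""


def link_targets(line):
    """Return each distinct link target on one Markdown line, in order."""
    found = []
    for pattern in (INLINE, REFDEF, AUTOLINK):
        found.extend(m.group(1) for m in pattern.finditer(line))
    return list(dict.fromkeys(found))


def audit_markdown(text, allowed=ALLOWED_SCHEMES):
    """Return (line_no, scheme, target) for links outside the allowlist."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for target in link_targets(line):
            m = SCHEME.match(target)
            if not m:
                continue  # relative path or fragment: no URI handler involved
            scheme = m.group(1).lower()  # schemes are case-insensitive
            if scheme not in allowed:
                findings.append((line_no, scheme, target))
    return findings


if __name__ == "__main__":
    for line_no, scheme, target in audit_markdown(SAMPLE):
        print(f"line {line_no}: scheme '{scheme}' in link target {target}")
```
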