... ...
Ormandy reported the issue to Microsoft and will wait 90 days according to Google vulnerability policy disclosure before revealing technical details of the flaw.
Of course, Ormandy could also disclose the details of the vulnerability after Microsoft will release a security patch to address the issue.
Ormandy anticipated that the vulnerability is a memory corruption bug and he shared via Twitter an image that demonstrates how to manage a “pop a shell in Notepad.”
The image posted by Ormandy shows that the vulnerability has been exploited to launch a Command Prompt, the expert confirmed he has already developed a “real exploit” for the issue.
... ...
