Impact
Based on the description, it is inferred that the vulnerability allows an attacker who may not be authenticated to run arbitrary commands on the local machine. The impact is the potential for any code to be executed with the permissions of the current user, compromising confidentiality, integrity, or availability of the affected system.
Affected Systems
The vulnerability affects Microsoft Windows Notepad. No specific version ranges are supplied, so any installation of Notepad that has not yet been updated through Microsoft’s security channels could be susceptible.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, while an EPSS score of 0.1165% indicates a lower likelihood of exploitation. The issue is not listed in the CISA KEV catalogue. Based on the description, it is inferred that attacks would most likely occur in a local context, such as from a malicious document, shortcut, or other user-initiated action that triggers the vulnerable code path.
OpenCVE Enrichment