Security researcher from Google found Memory Corruption Exploit in Notepad

Tavis Ormandy, a security researcher from Google via her Twitter account said that he had just discovered a memory corruption gap in Microsoft's text editor application, Notepad.

In his tweet that reached 1k retweet, he indicated that he could call other applications in the ongoing Notepad process. Some followers and friends thought that he was joking and thought that the screenshots shown by Tavis Ormandy were made using the file browsing feature in Notepad. But Tavis Ormandy explained that she found really a memory corruption gap.

Tavis Ormandy himself said that he had reported the gap to Microsoft and would immediately write a writeup if the gap was fixed. A screenshot that he shows on Twitter (Notepad which can call cmd.exe) is just a demonstration of how the exploit works. He himself confirmed that he had developed a "real exploit" for this gap.

The founder of Zerodium, Chaouki Bekrar, commented on this by saying Tavis might not be the first person to successfully exploit Notepad with exploit memory corruption, but he was the first person to report it to Microsoft. This statement is reasonable because there are now a lot of malicious hackers selling exploits to find more money, rather than reporting to related companies.