Visual Studio Code Extensions Markdown Preview Enhanced Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability in the Visual Studio Code extension Markdown Preview Enhanced, version 0.8.18, allows attackers to execute arbitrary code by uploading a specially crafted Markdown file. The exploit takes advantage of the way the extension processes raw HTML tags embedded in Markdown, so that JavaScript carried in the file runs in the preview context with same-origin privileges. The executed script can communicate with localhost, potentially leading to local network enumeration and data exfiltration to an attacker-controlled server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution, with the executed code having the ability to interact with local network services and exfiltrate data to a remote server.

Reproduction

To reproduce this vulnerability, upload a crafted Markdown file to the Visual Studio Code extension Markdown Preview Enhanced, version 0.8.18. The file should include a line that the extension processes and renders inside an iframe, allowing embedded JavaScript to execute. Once the file is opened in the preview, that JavaScript can perform actions such as scanning local ports and sending the results to a remote server.
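The root cause described above is raw HTML in a Markdown file being rendered as active content rather than as text. A defender-side triage aid, added here as an example and not code from the Markdown Preview Enhanced project, is a pre-open check that flags the constructs such a file has to contain (script-capable tags, inline event handlers, javascript:/data: URLs) while ignoring fenced and inline code, which standard Markdown renders literally. The sample documents, the metric names and the host example.invalid are constructed for the example; the regexes are a heuristic, not an HTML parser, and the actual remediation is sanitized rendering in the extension itself.

```python
"""Pre-open check for Markdown files: flag raw HTML that an unsanitized preview
would render as active content. Added example, not the extension's own code."""
import re
from dataclasses import dataclass

# Tags that can carry or trigger script when rendered as HTML instead of text.
ACTIVE_TAG_RE = re.compile(
    r"<\s*(script|iframe|frame|object|embed|svg|math|link|meta|base|form)\b",
    re.IGNORECASE,
)
# Inline event-handler attributes (onload=, onerror=, ...) inside a tag.
EVENT_ATTR_RE = re.compile(r"<[^>]*?\bon[a-z]+\s*=", re.IGNORECASE)
# A tag attribute or a Markdown link whose URL uses a script-capable scheme.
SCRIPT_URL_RE = re.compile(
    r"(?:<[^>]*?\b(?:href|src|action|data)\s*=\s*[\"']?\s*|\]\(\s*)"
    r"(?:javascript|vbscript|data)\s*:",
    re.IGNORECASE,
)
FENCE_RE = re.compile(r"^\s*(```|~~~)")
INLINE_CODE_RE = re.compile(r"`[^`\n]*`")


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    snippet: str


def scan_markdown(text: str) -> list[Finding]:
    """Return one Finding per suspicious construct found outside code fences and spans."""
    findings: list[Finding] = []
    in_fence = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if FENCE_RE.match(raw):
            in_fence = not in_fence
            continue
        if in_fence:
            continue  # fenced code is rendered as literal text, not HTML
        line = INLINE_CODE_RE.sub("", raw)  # inline `code` is literal too
        for kind, pattern in (
            ("active-tag", ACTIVE_TAG_RE),
            ("event-handler", EVENT_ATTR_RE),
            ("script-url", SCRIPT_URL_RE),
        ):
            for _ in pattern.finditer(line):
                findings.append(Finding(line_no, kind, raw.strip()[:80]))
    return findings


def is_safe_to_preview(text: str) -> bool:
    """Gate for a pre-commit hook or CI step: True only when nothing was flagged."""
    return not scan_markdown(text)


# Constructed sample: benign document that mentions HTML only inside code.
BENIGN_DOC = """# Release notes

Plain paragraph that mentions an `<iframe>` in inline code.

~~~html
<script>inside a fence, rendered as text</script>
~~~

[docs](https://example.invalid/docs)
"""

# Constructed sample: raw HTML a permissive preview would execute.
SUSPICIOUS_DOC = """# Looks harmless

<img src="x" onerror="console.log('constructed marker')">

<iframe src="https://example.invalid/"></iframe>

[click](javascript:void(0))
"""

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_DOC), ("suspicious", SUSPICIOUS_DOC)):
        print(f"{name}: safe={is_safe_to_preview(doc)}")
        for f in scan_markdown(doc):
            print(f"  line {f.line_no}: {f.kind}: {f.snippet}")
```

Run it over a directory of Markdown files before they are opened in a preview-capable editor; anything flagged deserves a manual look rather than an automatic block, since the heuristic cannot tell intentional embedded HTML from a planted payload.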

Added: Feb 16, 2026, 4:21 PM
Updated: Feb 16, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread:         6.6
impact:         2.5
exploitability: 5.6
remediation:    0.0
relevance:      2.9
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.