OP, I assume your comment[1] is getting flagged because of the obvious LLM usage. No one wants to interact with a comment that's not written by a human.
Or it's more that people recognize that this isn't a "Zero-Click RCE" and we're tired of people trying to claim that every damn bug is a huge security risk.
If an attacker can already either modify the existing shortcuts.xml file or convince me to download and run a .lnk file that links to a different one they managed to get onto my computer then they don't need to use Notepad++ to do their dirty work.
My post is informative and informative. Disclosure was carried out with the maintainer, respecting the software fix times. It's true that we live in a difficult world.
If an attacker can already either modify the existing shortcuts.xml file or convince me to download and run a .lnk file that links to a different one they managed to get onto my computer then they don't need to use Notepad++ to do their dirty work.