As someone who uses Notepad to write most of the time (rather than Word Document), the fact that this basic software is capable of taking complete control of a Windows PC is pretty fascinating. After all, it was always possible for Notepad to be powerful, but not this powerful.
Of course, it's not really Notepad that's the root of the problem. Rather, according to a security researcher from Google Project Zero, the issue lies with a component in Windows’ Text Services Framework which manages keyboard layouts and text input. Specifically, the component known as CTextFramework (CTF), which dates back all the way to the days of Windows XP.
According to the researcher, it's that CTF which is full of flaws making it exploitable, relying on applications to display text on screen. He then demonstrated the process of doing so with the humble Notepad, gaining System-level privileges. Granted, this kind of hacking requires the hacker to have physical access to your Windows PC.
There are plenty of legacy bugs like this one that go unnoticed for years it seems. On the plus side, this particular flaw is officially designated CVE-2019-1162, and has since been patched by Microsoft. But one does have to give it up to this researcher for figuring out how powerful the Notepad can be.