A memory corruption bug in the Windows Notepad application can be used to open remote shell access. The bug was found by Tavis Ormandy, a bug hunter with Google s Project Zero team. More details of the bug will be revealed in 90 days after Microsoft patches the bug. The term popping a shell is shorthand for describing an attack where the adversary exploits a computer and gain remote access via a shell connection. An attacker would first have to trigger the launch Notepad then pop open a shell.
Source: https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/