Jump to content
  • Paint 3D for Windows 10 had a Remote Code Execution flaw


    Karlston

    • 739 views
    • 2 minutes
     Share


    • 739 views
    • 2 minutes

    Paint 3D for Windows 10 had a Remote Code Execution flaw

     

    Microsoft’s Paint 3D was never popular, but it turns out the app was also actually dangerous to your system health after ZDI researchers discovered a Remote Code Execution Flaw in the 3D modelling software.

     

    The exploit, which was discovered by fuzzing, requires a user to load a compromised file and has now been patched by Microsoft in the latest Patch Tuesday.

     

    The issue is described in CVE-2021-31946 and reads as such:

    Microsoft Paint 3D GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

     

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Paint 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

     

    The specific flaw exists within the parsing of GLB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process at low integrity.

    The flaw had a medium severity, as it required that the attacker had already escalated their privileges on your system.

     

    Microsoft has issued an update to the software which fixes the issue, but Windows 11 users need not worry, as the software is no longer pre-installed in that OS.

     

     

    Paint 3D for Windows 10 had a Remote Code Execution flaw


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...