Microsoft introduced Paint 3D in Windows 10 with the Creators Update, hoping to bring new creative experiences to everyone, but it turns out that functionality and security need equal emphasis. After ZDI researchers discovered a remote code execution vulnerability in the 3D modeling software, the application turned out to be a threat to the security of your system.
The vulnerability was discovered through exploration, and triggering it requires the user to load a corrupted file. Microsoft has now fixed it in the latest Patch Tuesday release.
The issue is tracked as CVE-2021-31946 and is described as follows:
Microsoft Paint 3D GLB File Parsing Out-Of-Bounds Read Remote Code Execution vulnerability. This vulnerability allows a remote attacker to execute arbitrary code in an affected Microsoft Paint 3D installation. Exploiting this vulnerability requires user interaction because the target must visit a malicious web page or open a malicious file.
A specific flaw exists in the parsing process of GLB files. The problem is due to the lack of correct verification of the data provided by the user, which may result in reading beyond the end of the allocated data structure. An attacker can use this vulnerability to execute code with low integrity in the context of the current process.
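The advisory does not say which GLB field Paint 3D mishandled. As an added illustration (not Microsoft's or ZDI's code), the C example below shows the class of check the description points to: every length declared inside a GLB container is verified against the bytes actually present before it is used. The function name, return codes and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GLB_MAGIC 0x46546C67u /* "glTF", little-endian */
#define GLB_JSON  0x4E4F534Au /* "JSON", little-endian */

/* Constructed sample: 12-byte header + one 4-byte JSON chunk ("{}  "). */
static const uint8_t SAMPLE_OK[24] = {
    0x67,0x6C,0x54,0x46, 0x02,0,0,0, 0x18,0,0,0,   /* magic, version 2, length 24 */
    0x04,0,0,0, 0x4A,0x53,0x4F,0x4E, '{','}',' ',' ' };
/* Constructed sample: same file, but the chunk claims 1024 bytes of data. */
static const uint8_t SAMPLE_BAD[24] = {
    0x67,0x6C,0x54,0x46, 0x02,0,0,0, 0x18,0,0,0,
    0x00,0x04,0,0, 0x4A,0x53,0x4F,0x4E, '{','}',' ',' ' };

/* Read a little-endian uint32 without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 when every declared length stays inside buf[0..len),
   otherwise a negative code identifying the failed check. */
int glb_validate(const uint8_t *buf, size_t len) {
    if (len < 12) return -1;                       /* header truncated */
    if (rd32(buf) != GLB_MAGIC) return -2;         /* wrong magic */
    if (rd32(buf + 4) != 2) return -3;             /* unsupported version */
    uint32_t total = rd32(buf + 8);
    if (total < 12 || total > len) return -4;      /* declared size > real size */
    size_t off = 12;
    int chunks = 0;
    while (off < total) {
        if (total - off < 8) return -5;            /* chunk header truncated */
        uint32_t clen = rd32(buf + off);
        uint32_t ctype = rd32(buf + off + 4);
        off += 8;
        if (clen > total - off) return -6;         /* chunk would read past end */
        if (clen % 4 != 0) return -7;              /* chunks are 4-byte aligned */
        if (chunks == 0 && ctype != GLB_JSON) return -8; /* JSON chunk is first */
        off += clen;
        chunks++;
    }
    return chunks > 0 ? 0 : -9;                    /* JSON chunk is mandatory */
}

int main(void) {
    printf("ok=%d bad=%d\n", glb_validate(SAMPLE_OK, sizeof SAMPLE_OK),
           glb_validate(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

The comparison `clen > total - off` is written as a subtraction on the trusted side so that a huge attacker-supplied length cannot wrap an addition and slip past the check.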
The severity of the vulnerability is moderate because it requires the attacker to have elevated their privileges on your system. Microsoft has released an update to the software to fix this problem, and Windows 11 users don’t have to worry, because Paint 3D will no longer be pre-installed with the operating system.