They discover a vulnerability in Paint 3D that could allow remote code execution on our computers
Table of contents:
Paint 3D is the tool that Microsoft launched in its day to replace the popular Paint, the evolution of one of the most important functions of Windows that has been with us since we almost have memory and a successor that now we know, has been the object of a vulnerability until recently
The truth is that Paint 3D has never enjoyed the popularity of its predecessor and that is why it attracts attention when it is in the news like now. And it is that ZDI researchers have discovered that it suffers from a bug that can allow remote code execution on our computers
A medium degree vulnerability
Focused for use in the worlds of mixed reality and the creation of 3D content and although it is not included by default in Windows 11 Yes, it can be downloaded from the Microsoft Store at this link.
And now, ZDI (Zero Day Initiative) researchers have discovered a security hole that could allow remote code execution in 3D modeling software. A bug that, yes, has been corrected by Microsoft in Patch Tuesday in June.
The vulnerability, which was discovered by fuzzing, requires a user to upload a compromised file, a flaw that appears with the CVE key -2021-31946:
Thanks to this flaw, an attacker could exploit this vulnerability to execute code in the context of the current process with low integrity, However, since it requires the attacker to have already escalated their privileges on your system, it was considered medium severity.
Microsoft has released an update that fixes the bug, a security breach that was notified to the company on February 2, 2021 and that it was announced on June 6 following the established protocol.
Paint 3D
- Download it at: Microsoft Store
- Price: Free
- Category: Productivity
