Paint 3D for Windows 10 had a Remote Code Execution flaw




Microsoft’s Paint 3D was never popular, but it turns out the app was also a danger to your system health: ZDI researchers discovered a remote code execution flaw in the 3D modelling software.

The flaw, which was discovered by fuzzing, requires a user to load a compromised file and has now been patched by Microsoft in the latest Patch Tuesday.

The issue is described in CVE-2021-31946, and the advisory reads as follows:

Microsoft Paint 3D GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Paint 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of GLB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process at low integrity.
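The advisory does not say which GLB field went unchecked, so the following is an added illustration (not Microsoft's or ZDI's code) of the kind of validation it describes: walking the chunks of a glTF 2.0 binary container and checking every declared length against the real buffer before anything is read. The names glb_parse and glb_view are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GLB_MAGIC  0x46546C67u  /* "glTF" */
#define CHUNK_JSON 0x4E4F534Au  /* "JSON" */
#define CHUNK_BIN  0x004E4942u  /* "BIN\0" */

typedef struct { const uint8_t *json, *bin; uint32_t json_len, bin_len; } glb_view;

/* Little-endian uint32 read with no alignment or host-endianness assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, negative on malformed input. buf/len is the untrusted
   file; every offset is bounded by len and the declared total before use. */
int glb_parse(const uint8_t *buf, size_t len, glb_view *out) {
    if (!buf || !out || len < 12) return -1;            /* no room for the header */
    if (rd32(buf) != GLB_MAGIC || rd32(buf + 4) != 2) return -2;
    uint32_t total = rd32(buf + 8);
    if (total < 12 || total > len) return -3;           /* declared size exceeds real data */
    *out = (glb_view){0};
    size_t off = 12; int index = 0;
    while (off < total) {
        if (total - off < 8) return -4;                 /* truncated chunk header */
        uint32_t clen = rd32(buf + off), ctype = rd32(buf + off + 4);
        off += 8;
        if (clen > total - off) return -5;              /* subtraction form cannot overflow */
        if (index == 0) {                               /* first chunk must be JSON */
            if (ctype != CHUNK_JSON || clen == 0) return -6;
            out->json = buf + off; out->json_len = clen;
        } else if (index == 1 && ctype == CHUNK_BIN) {  /* optional binary payload */
            out->bin = buf + off; out->bin_len = clen;
        }
        off += clen; index++;
    }
    return index == 0 ? -6 : 0;
}

int main(void) {
    /* Constructed sample: the chunk claims 0xFF bytes but only 4 follow. */
    static const uint8_t sample[24] = {
        0x67,0x6C,0x54,0x46, 2,0,0,0, 24,0,0,0,
        0xFF,0,0,0, 0x4A,0x53,0x4F,0x4E, '{','}',' ',' ' };
    glb_view v;
    printf("glb_parse -> %d\n", glb_parse(sample, sizeof sample, &v));
    return 0;
}
```

A parser that skipped the `clen > total - off` comparison would hand a 255-byte view over a 4-byte region to whatever consumes the JSON chunk, which is the out-of-bounds read pattern the advisory names.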

The flaw had a medium severity, as it required that the attacker had already escalated their privileges on your system.

Microsoft has issued an update to the software which fixes the issue, but Windows 11 users need not worry, as the software is no longer pre-installed in that OS.
