A vulnerability has been found in Microsoft Paint 3D (affected version unknown) and classified as critical. As an impact, it is known to affect confidentiality, integrity, and availability. The summary by CVE isPaint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.

The weakness was published 06/08/2021 as confirmed security guidance (Website). The advisory is shared at portal.msrc.microsoft.com. This vulnerability is known as CVE-2021-31945 since 04/30/2021. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 06/10/2021).

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.