Microsoft Paint 3D Remote Code Execution [CVE-2021-31945]

A vulnerability has been found in Microsoft Paint 3D (affected version unknown) and classified as critical. As an impact, it is known to affect confidentiality, integrity, and availability. The summary by CVE isPaint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.

The weakness was published 06/08/2021 as confirmed security guidance (Website). The advisory is shared at portal.msrc.microsoft.com. This vulnerability is known as CVE-2021-31945 since 04/30/2021. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 06/10/2021).

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Contact us to get started

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

Learn more

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

Learn more

CVE-2024-50340 : SYMFONY INJECTION

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the

Learn more