Microsoft Paint 3D Remote Code Execution [CVE-2021-31945]

A vulnerability has been found in Microsoft Paint 3D (affected version unknown) and classified as critical. As an impact, it is known to affect confidentiality, integrity, and availability. The summary by CVE isPaint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.

 

The weakness was published 06/08/2021 as confirmed security guidance (Website). The advisory is shared at portal.msrc.microsoft.com. This vulnerability is known as CVE-2021-31945 since 04/30/2021. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 06/10/2021).

 

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING

CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING

Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload

CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE

CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE

Description In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ——————————————————- uio_unregister_device

CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP

CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP

Description Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from