A vulnerability was found in Microsoft Paint 3D (affected version not known) and classified as critical. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983.

The weakness was released 06/08/2021 as confirmed security guidance (Website). The advisory is available at portal.msrc.microsoft.com. This vulnerability is handled as CVE-2021-31946 since 04/30/2021. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 06/10/2021).

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.