3D Builder Remote Code Execution Vulnerability Affects Windows Users

CVECVE-2023-23390
CVSScvssV3_1: 7.8
SourceCVE-2023-23390

The 3D Builder app included in Windows has a remote code execution vulnerability that could allow an attacker to execute arbitrary code on affected systems.

3D Builder is a 3D modeling app developed by Microsoft that allows users to view, edit and print 3D objects. However, researchers found that it is possible to craft a specially crafted 3D file that could exploit a bug in 3D Builder and execute malicious code remotely without any user interaction.

An attacker could host a boobytrapped 3D file online or send it via email under the guise of an innocent file. Once opened by an unsuspecting user in 3D Builder, the vulnerability could be exploited to install malware, steal sensitive data or take complete control of the affected computer.

The vulnerability received a CVSS score of 7.8, making it a serious remote code execution flaw. To stay protected, Windows users should ensure they have installed the latest updates for 3D Builder and Windows to patch this vulnerability. It is also recommended to exercise caution when opening 3D files from untrusted sources online or received via email until an update is applied.

References