3D Builder Remote Code Execution Vulnerability Affects Windows Users

CVE: CVE-2023-21781
CVSS (v3.1): 7.8
Source: CVE-2023-21781

The 3D Builder app included in Windows has a remote code execution vulnerability that could allow an attacker to execute arbitrary code on affected systems.

3D Builder is a 3D modeling app by Microsoft that allows users to view, edit and print 3D objects. However, researchers found that it is possible to craft a 3D file that could exploit a bug in 3D Builder and execute malicious code remotely without any user interaction.

An attacker could host a booby-trapped 3D file online or send it via email disguised as an innocent file. Once the file is opened in 3D Builder, the vulnerability would be exploited and the attacker’s code would run with the same privileges as the 3D Builder process, without the user’s knowledge.

This could allow the installation of malware, ransomware or spyware on the target system. Sensitive information like passwords, bank details or company secrets could then be stolen. In the worst case, the whole system could be taken over.

The best way for users to protect themselves is to keep Windows and all apps like 3D Builder updated with the latest patches. Also be wary of opening untrusted 3D files, especially those received by email from unknown senders or downloaded from suspicious websites. Using an antivirus program can also help detect and block any malware delivered through this vulnerability.
