Beware of Remote Code Execution Bug in Microsoft Paint 3D

CVECVE-2023-32047
CVSScvssV3_1: 7.8
SourceCVE-2023-32047

Microsoft Paint 3D, the simple 3D modeling and painting program from Microsoft, was found to have a serious remote code execution vulnerability. The vulnerability, tracked as CVE-2023-32047, has been given a CVSS score of 7.8 out of 10 indicating its potential impact.

This vulnerability could allow a remote attacker to execute arbitrary code on a targeted system running Paint 3D. All an attacker needs to do is send a specially crafted file or project to open in Paint 3D. Once opened, the malicious file could exploit the bug to run any code the attacker desires on the victim’s machine without their knowledge or consent.

As Paint 3D is commonly pre-installed on many Windows devices, this makes exploiting the vulnerability relatively easy for attackers. They could carry out further attacks by installing malware, stealing sensitive data like passwords and financial details, or taking complete control of the affected systems.

The best way for Paint 3D users to protect themselves is to uninstall the software or update to the latest version, which contains fixes for this vulnerability. Microsoft has released an update, so users should check for and install any available updates as soon as possible. Users should also be cautious about opening files from unknown or untrusted sources within Paint 3D or any other software until their systems are fully patched.

References