Substance3D Painter Users Beware of Malicious Files

CVECVE-2024-20744
CVSScvssV3_1: 7.8
SourceCVE-2024-20744

Substance3D Painter, a 3D painting and texturing software, has a vulnerability in versions 9.1.1 and earlier that could allow hackers to take control of your computer.

The flaw is an “out-of-bounds write” bug that happens when Painter opens specially crafted files. This can trick the software into storing code in memory in a way that lets hackers run their own commands.

Attackers could create malicious files disguising as regular 3D textures or materials. If an unsuspecting Painter user opens one of these files, the hacker’s code would execute automatically with the same privileges as the user. They would then be able to install malware, view and steal files, or use the compromised computer for other criminal schemes.

The best way to protect yourself is to always be cautious about opening files from unknown or untrusted sources. You should also update to the latest version of Substance3D Painter, which fixes this vulnerability. Version 9.1.1 and earlier are affected, so be sure to update immediately if you have an older version installed.

Staying vigilant against suspicious files is key to avoiding this attack. Keep your software up-to-date as well to close holes that cybercriminals could exploit. Taking these small precautions can help keep your creative work and personal information safe.

References