Security Flaw in Paint 3D Allows Remote Code Execution


Windows 10 introduced a series of applications intended to make users' daily work easier, although, to be honest, most of us have surely never used them. Of all the bloatware in this operating system, two items stand out. The first is Paint 3D, a three-dimensional shape editor, and the second, related to it, is "3D Objects", a directory designed to store this type of content. These items have never been particularly popular, but what if they are putting your PC at risk?

Flaws like this, which we surely would not have imagined, are the reason why we recommend always running Windows with only the essential programs installed. The more software there is on the PC, the greater the probability that one of the programs has a flaw of this type and endangers our PC.


A bug in Paint 3D allows code to run in Windows

A few hours ago, a ZDI researcher released information about a zero-day flaw in Paint 3D, Microsoft's three-dimensional modeling software. This security flaw has a public exploit that is circulating on the network, so there are probably hackers taking advantage of this vulnerability.

The security flaw discovered in this tool is of the RCE type, that is, it allows remote code to be executed on any computer that has this software installed. For the exploit to work, the user must manually open a 3D model in the program. These files are downloaded from malicious websites, which use social engineering to trick the victim into opening them.

The vulnerability lies specifically in the parsing of GLB files. The absence of adequate validation of the user-supplied data in the file allows the program to read data beyond the end of a data structure. In this way, an attacker can hide code after the data structures of Paint 3D files. When the file is opened, the program accesses this data and ends up executing code within the current process at low integrity.
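The class of check whose absence is described above, as an added example that is not Paint 3D's code: a validator that tests every length field in a GLB container against the bytes actually present before using it. The container layout follows the public glTF 2.0 binary format; the page does not say which field the CVE involves, and the function names and sample bytes here are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GLB_MAGIC 0x46546C67u /* "glTF" */
#define GLB_JSON  0x4E4F534Au /* "JSON" */
enum glb_status { GLB_OK, GLB_TRUNCATED, GLB_BAD_MAGIC, GLB_BAD_VERSION,
                  GLB_BAD_LENGTH, GLB_BAD_CHUNK };

/* Little-endian uint32 read, independent of host alignment and endianness. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate buf[0..size): each file-supplied length is checked before it is trusted. */
enum glb_status glb_validate(const uint8_t *buf, size_t size) {
    if (size < 12) return GLB_TRUNCATED;                 /* 12-byte header */
    if (rd32(buf) != GLB_MAGIC) return GLB_BAD_MAGIC;
    if (rd32(buf + 4) != 2) return GLB_BAD_VERSION;
    uint32_t total = rd32(buf + 8);
    if (total < 12 || total > size) return GLB_BAD_LENGTH; /* declared size must fit buffer */
    size_t off = 12;
    int chunks = 0;
    while (off < total) {
        if (total - off < 8) return GLB_BAD_CHUNK;       /* no room for a chunk header */
        uint32_t clen = rd32(buf + off), ctype = rd32(buf + off + 4);
        off += 8;
        /* Compare against remaining bytes; "off + clen > total" could wrap. */
        if (clen > total - off || clen % 4) return GLB_BAD_CHUNK;
        if (chunks == 0 && ctype != GLB_JSON) return GLB_BAD_CHUNK; /* first chunk is JSON */
        off += clen;
        chunks++;
    }
    return chunks ? GLB_OK : GLB_BAD_CHUNK;
}

/* Constructed 24-byte sample: header plus one JSON chunk holding "{}  ". */
static const uint8_t SAMPLE[24] = {
    0x67,0x6C,0x54,0x46, 2,0,0,0, 24,0,0,0,
    4,0,0,0, 0x4A,0x53,0x4F,0x4E, '{','}',' ',' ' };

/* Hypothetical helper: verdict for SAMPLE with its chunk length field overwritten. */
enum glb_status glb_check_with_chunk_len(uint32_t clen) {
    uint8_t b[sizeof SAMPLE];
    memcpy(b, SAMPLE, sizeof b);
    for (int i = 0; i < 4; i++) b[12 + i] = (uint8_t)(clen >> (8 * i));
    return glb_validate(b, sizeof b);
}

int main(void) {
    printf("honest=%d oversized=%d\n", glb_check_with_chunk_len(4), glb_check_with_chunk_len(0x1000));
    return 0;
}
```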

How to protect ourselves from this failure

The vulnerability was registered as CVE-2021-31946 and has received a severity score of 7.8 out of 10. Furthermore, although it has not received much attention, it has already been fixed in the latest security patches released by Microsoft for Windows 10.

The fastest way to protect our computer from this security problem is to download and install the latest Microsoft updates from Windows Update. Recall that the June security patches, in addition to enabling the News and Interests bar for everyone, corrected 7 zero-day security bugs, 6 of which were being actively exploited on the network.

Another way to protect ourselves, without updating the PC, is to completely erase Paint 3D from Windows 10.

Users already testing Windows 11 need not worry. Microsoft has finally realized that this program is used by absolutely no one and, luckily, has decided not to install it by default in this new version of the OS.