3D Builder Remote Code Execution Vulnerability
CVE-2023-23390

7.8HIGH

Key Information:

Vendor: Microsoft
Status: 3d Builder
Vendor: CVE Published:; 14 February 2023

What is CVE-2023-23390?

A remote code execution vulnerability has been identified in 3D Builder, a graphic design application from Microsoft. This flaw could allow an attacker to execute arbitrary code on the affected system if a user opens a specially crafted file within 3D Builder. It is critical for users and administrators to apply necessary patches promptly to mitigate potential exploitation risks and safeguard against unauthorized access.

Affected Version(s)

3D Builder Unknown 20.0.0 < 20.0.2.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 11, 2023