Paint 3D Remote Code Execution Vulnerability
CVE-2023-35374

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Paint 3d
Vendor: CVE Published:; 11 July 2023

What is CVE-2023-35374?

A vulnerability in Paint 3D allows attackers to execute remote code on affected systems. By leveraging this flaw, malicious actors can gain unauthorized access, compromising the integrity and security of user data. Users are encouraged to apply patches and follow security best practices to safeguard their systems against potential exploitation. For detailed information and mitigation strategies, visit the vendor's advisory.

Affected Version(s)

Paint 3D Unknown 6.0.0 < 6.2305.16087.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 14, 2023

Microsoft

What is CVE-2023-35374?

Affected Version(s)

References

CVSS V3.1

Timeline