The problem comes when opening STL files (a format native to the stereolithography CAD software created by 3D Systems, according to Mat Powell, senior staff vulnerability researcher at Trend Micro’s ZDI.) The issue is a good old fashioned parsing cockup where an out-of-bounds read occurs that could result in code execution in the context of the current process. The vulnerability, designated CVE-2021-31946, could let miscreants execute arbitrary code on affected versions of Paint 3D when visiting a malicious page or opening a malicious file. I know I've made some very poor decisions recently, but I can give you my complete assurance that.
0 Comments
Leave a Reply. |