CVE-2023-36771

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 12, 2023

Updated: May 29, 2024

CWE ID 122

Summary

CVE-2023-36771 is a remote code execution vulnerability affecting Microsoft 3D Builder. An attacker can exploit this issue by crafting a specially crafted 3D model file, which, when opened in 3D Builder, can lead to the execution of arbitrary code on the victim's system. Successful exploitation may result in unauthorized system access, data theft, or further compromise. Users are strongly advised to update 3D Builder to the latest version or disable the application to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft 3D Builder

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzcZbq
https://www.cve.org/CVERecord?id=CVE-2023-36771
https://nvd.nist.gov/vuln/detail/CVE-2023-36771

Back to Vulnerability Database