Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-21-909HistoryJul 29, 2021 - 12:00 a.m.
(0Day) Microsoft 3D Viewer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability
2021-07-2900:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
40
EPSS
0.018
Percentile
88.4%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3MF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process at low integrity.
Related
mscve
mscve
3D Viewer Remote Code Execution Vulnerability
2021-11-09 08:00:00
cvelist
cvelist
CVE-2021-43209 3D Viewer Remote Code Execution Vulnerability
2021-11-10 00:47:49
nvd
nvd
CVE-2021-43209
2021-11-10 01:19:54
cve
cve
CVE-2021-43209
2021-11-10 01:19:54
prion
prion
Remote code execution
2021-11-10 01:19:00
kaspersky
kaspersky
KLA12340 RCE vulnerabilities in Microsoft Apps
2021-11-09 00:00:00
nessus
nessus
Microsoft 3D Viewer Multiple Vulnerabilities (November 2021)
2021-11-09 00:00:00
hivepro
hivepro
Microsoftβs Patch Tuesday Security Updates for November
2021-11-10 11:20:36
qualysblog
qualysblog
malwarebytes
malwarebytes
thn
thn