Cybersecurity specialists report the discovery of a dangerous vulnerability in Microsoft 3D Viewer, a 3D object visualization and augmented reality tool first launched in Windows 10 1703. According to the report, successful exploitation of this flaw would allow threat actors to execute arbitrary code on affected installations.

The vulnerability requires user interaction to be exploited: the affected user must be tricked into visiting a malicious website or downloading a malware-infested file.

Apparently, the flaw lies specifically in the parsing of 3MF files and results from a failure to verify that an object exists before performing operations on it. Threat actors can exploit the flaw to execute code in the context of the current process at low integrity. The bug was reported to Microsoft through the Zero Day Initiative (ZDI) by cybersecurity specialist Mat Powell.

ZDI sent the report to Microsoft along with a request to publish this flaw as a zero-day vulnerability. The company received the report and indicated that it did not meet the characteristics set for analysis as a zero-day vulnerability, but it was agreed to conduct a detailed review.

So far no security patches are available. Given the nature of the vulnerability, specialists say that the only way to mitigate the risk of exploitation is to restrict any interaction with the affected application, at least until security patches are released.


The post Zero-day remote code execution vulnerability in Windows 10 3D Viewer. No patch available so don’t open any file Microsoft appeared first on Information Security Newspaper | Hacking News.
