Security News > 2021 > June > We've found another reason not to use Microsoft's Paint 3D – researchers
As Microsoft preps the next version of Windows, a hole has been spotted in an earlier Great Hope for the company: MS Paint 3D. The raster graphics and 3D modelling app was part of Microsoft's Creators Update back in 2016 and was released in 2017.
The idea was that users would embrace its support for 3D objects and ditch the ancient Microsoft Paint for the new shiny.
Things did not turn out quite that way, and Microsoft Paint continues to endure while Paint 3D looks set to follow many of the company's ambitions, ultimately shuffling quietly off into the graveyard where Zune, Band and Media Center are buried.
The vulnerability, designated CVE-2021-31946, could let miscreants execute arbitrary code on affected versions of Paint 3D when visiting a malicious page or opening a malicious file.
How much longer Paint 3D itself will endure is an open question.
Recent Windows Insider builds have quietly removed some 3D bits and pieces from the installation and The Register understands that while Paint endures, Paint 3D is not present in the leaked Windows 11 build.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/16/3d_paint_vuln/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-31946 | Unspecified vulnerability in Microsoft Paint 3D Paint 3D Remote Code Execution Vulnerability | 7.8 |