CVE-2021-4017
published 2021-12-01CVE-2021-4017: showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
PriorityP434high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.60%
44.0th percentile
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | paint_3d | — | — |
| showdoc | showdoc | < 2.9.13 | 2.9.13 |
| showdoc | showdoc | >= 0 < 2.9.13 | 2.9.13 |
| star7th | star7th_showdoc | >= unspecified < v2.9.13 | v2.9.13 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.07.3HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
osv·2021-12-03
CVE-2021-4017 [HIGH] showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
GHSA
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
ghsa·2021-12-03
CVE-2021-4017 [HIGH] CWE-352 showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Microsoft
Paint 3D Remote Code Execution Vulnerability
vendor_msrc·2021-06-08·CVSS 7.8
CVE-2021-31945 [HIGH] Paint 3D Remote Code Execution Vulnerability
Paint 3D Remote Code Execution Vulnerability
FAQ: How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package versions 6.2105.4017.0 and later contain this update.
You can check the package version in PowerShell:
Get-AppxPackage -Name Microsoft.MSPaint
FAQ: Accordin
Microsoft
Paint 3D Remote Code Execution Vulnerability
vendor_msrc·2021-06-08·CVSS 7.8
CVE-2021-31946 [HIGH] Paint 3D Remote Code Execution Vulnerability
Paint 3D Remote Code Execution Vulnerability
FAQ: How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package versions 6.2105.4017.0 and later contain this update.
You can check the package version in PowerShell:
Get-AppxPackage -Name Microsoft.MSPaint
FAQ: Accordin
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-12-01
Published