Msrc 3D Viewer vulnerabilities

CVE-2024-20677 [HIGH] CWE-122 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability Description: A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Offi

CVE-2023-36739 [HIGH] CWE-122 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to exe

CVE-2023-36740 [HIGH] CWE-122 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to exe

CVE-2023-36760 [HIGH] CWE-416 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to exe

CVE-2022-41303 [HIGH] AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest bui

CVE-2023-27911 [HIGH] CWE-122 AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce

CVE-2023-27909 [HIGH] CWE-122 AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce t

CVE-2021-43208 [HIGH] 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. Customers using the Microsoft Store fo

CVE-2021-43209 [HIGH] 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. Customers using the Microsoft Store fo

CVE-2021-31943 [HIGH] 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environ

CVE-2021-31942 [HIGH] 3D Viewer Remote Code Execution Vulnerability 3D Viewer Remote Code Execution Vulnerability FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environ

CVE-2021-31944 [MEDIUM] 3D Viewer Information Disclosure Vulnerability 3D Viewer Information Disclosure Vulnerability FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected env

CVE-2020-17003 [HIGH] Base3D Remote Code Execution Vulnerability Base3D Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory. Microsoft Office: Microsoft Office Issuing CNA: Microsoft Impa

CVE-2020-16918 [HIGH] Base3D Remote Code Execution Vulnerability Base3D Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory. FAQ: Is the Preview Pane an attack vector for this vulnerability