Use-after-free vulnerability in FBX's SDK in Microsoft Office 2016, Paint 3D and 3D Viewer - CVE-2020-7082ID: oval:org.secpod.oval:def:62833 | Date: (C)2020-04-23 (M)2023-07-13 |
Class: VULNERABILITY | Family: windows |
Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications. Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerabilities, an attacker must send a specially crafted file containing 3D content to a user and convince them to open it. The security updates address these vulnerabilities by correcting the way 3D content is handled by Microsoft software.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Microsoft 365 Apps for Enterprise |
Microsoft Paint 3D |
Microsoft 3D Viewer |