Lucene search

Kaspersky LabKLA60570

HistorySep 12, 2023 - 12:00 a.m.

KLA60570 Multiple vulnerabilities in Microsoft Apps

2023-09-1200:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft

apps

vulnerabilities

arbitrary code

updates

windows update

3d builder

3d viewer

autodesk® fbx® sdk 2020

cve-2023-36770

cve-2023-36772

cve-2023-36740

cve-2023-36760

cve-2023-36739

cve-2022-41303

cve-2023-36771

cve-2023-36773

ace

kaspersky.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.3%

JSON

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in 3D Builder can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in 3D Viewer can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Autodesk FBX SDK 2020 can be exploited remotely to execute arbitrary code.

Original advisories

Related products

3D-Viewer

3D-Builder

CVE list

CVE-2023-36770 critical

CVE-2023-36772 critical

CVE-2023-36740 critical

CVE-2023-36760 critical

CVE-2023-36739 critical

CVE-2022-41303 critical

CVE-2023-36771 critical

CVE-2023-36773 critical

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.