CVE-2021-31942

7.8 HIGH

📋 TL;DR

CVE-2021-31942 is a remote code execution vulnerability in Microsoft's 3D Viewer application that allows attackers to execute arbitrary code by tricking users into opening a specially crafted 3D file. This affects Windows users who have 3D Viewer installed and can be exploited without authentication if users interact with malicious files.

💻 Affected Systems

Products:
  • Microsoft 3D Viewer
Versions: All versions prior to the July 2021 security update
Operating Systems: Windows 10, Windows 11
Default Config Vulnerable: ⚠️ Yes
Notes: 3D Viewer is pre-installed on many Windows systems and available through Microsoft Store. The vulnerability requires user interaction to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or malware installation on individual workstations when users open malicious 3D files from email attachments or downloads.

🟢 If Mitigated

Limited impact with proper user training and application control policies preventing execution of untrusted files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). No public proof-of-concept has been disclosed as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2021 security update for 3D Viewer

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942

Restart Required: No

Instructions:

1. Open Microsoft Store.
2. Click on 'Library' in bottom left.
3. Click 'Get updates' to update all apps.
4. Alternatively, search for '3D Viewer' in Store and update directly.
5. Verify 3D Viewer is updated to latest version.

🔧 Temporary Workarounds

Disable 3D Viewer file associations

windows

Prevent 3D files from automatically opening in 3D Viewer

Open Settings > Apps > Default apps > Choose default apps by file type > Remove .3mf, .stl, .obj associations from 3D Viewer

Uninstall 3D Viewer

windows

Remove the vulnerable application entirely

Open PowerShell as Administrator
Get-AppxPackage *3dviewer* | Remove-AppxPackage

🧯 If You Can't Patch

  • Implement application control policies to block execution of 3D Viewer
  • Educate users about risks of opening untrusted 3D files and implement email filtering for suspicious attachments

🔍 How to Verify

Check if Vulnerable:

Check 3D Viewer version in Microsoft Store or via PowerShell: Get-AppxPackage *3dviewer* | Select Version

Check Version:

Get-AppxPackage *3dviewer* | Select Version

Verify Fix Applied:

Verify 3D Viewer version is 7.2107.4012.0 or later
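
The version check above can be scripted for use across many workstations. The following is an added example, not part of the vendor advisory or the original page; it assumes the fixed version 7.2107.4012.0 and the *3dviewer* wildcard given on this page, and Test-3DViewerPatched is a hypothetical helper name.

```powershell
# Added example: audit installed 3D Viewer packages against the fixed version
# stated on this page. Test-3DViewerPatched is a hypothetical helper name,
# not a built-in cmdlet.
function Test-3DViewerPatched {
    [CmdletBinding()]
    param(
        # Fixed version taken from the "Verify Fix Applied" step on this page.
        [version]$FixedVersion = '7.2107.4012.0',
        # Same wildcard the page uses with Get-AppxPackage.
        [string]$NamePattern = '*3dviewer*',
        # Query every user profile; this requires an elevated session.
        [switch]$AllUsers
    )

    $query = @{ Name = $NamePattern }
    if ($AllUsers) { $query.AllUsers = $true }
    $packages = @(Get-AppxPackage @query)

    if ($packages.Count -eq 0) {
        # Nothing installed, for example after the uninstall workaround.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $null
            Version  = $null
            Status   = 'NotInstalled'
        }
    }

    foreach ($pkg in $packages) {
        # Appx versions are strings; cast to [version] so each field is
        # compared numerically rather than as text.
        $installed = [version]$pkg.Version
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $pkg.PackageFullName
            Version  = $installed
            Status   = if ($installed -ge $FixedVersion) { 'Patched' } else { 'Vulnerable' }
        }
    }
}

$results = @(Test-3DViewerPatched)
$results | Format-Table -AutoSize
# When run as a script, return a non-zero exit code so management tooling
# can flag the host.
if ($results.Status -contains 'Vulnerable') { exit 1 }
```

Run with -AllUsers from an elevated session to catch copies of the package registered under other user profiles on the same machine.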

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing 3D Viewer crashes or unexpected process creation
  • Security logs showing blocked execution attempts if application control is enabled

Network Indicators:

  • Unusual outbound connections from 3DViewer.exe process
  • Downloads of 3D files from suspicious sources

SIEM Query:

Process Creation where Image contains '3DViewer.exe' AND CommandLine contains suspicious file extensions (.3mf, .stl, .obj) from untrusted locations
