{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-0000b0cb0175","releaseDate":"2021-06-08T07:00:00Z","cveNumber":"CVE-2021-31944","cveTitle":"3D Viewer Information Disclosure Vulnerability","releaseNumber":"2021-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2021-06-08T07:00:00Z","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2021-31944","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-31944","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":2,"olderSoftwareRelease":"Exploitation Less Likely","denialOfService":"N/A","tag":"3D Viewer","issuingCna":"Microsoft","issuingCnaId":0,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.0","temporalScore":"4.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":0,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>How do I get the updated app?</strong></p>\n<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href=\"https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f\">here</a> for details.</p>\n<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p>\n<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>\n<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>\n<p><strong>How can I check if the update is installed?</strong></p>\n<p>App package versions <strong>7.2105.4012.0</strong> and later contain this update.</p>\n<p>You can check the package version in PowerShell:</p>\n<p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>\n<ul>\n<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>\n<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>\n</ul>\n<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2021-31944","version":1,"revisionDate":"2021-06-08T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2db17203-f4b1-eb11-a83e-000d3a6d3364"}]}