ADV200004 — Availability of updates for Microsoft software utilizing the Autodesk FBX library
Executive Summary
Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications. Details about the vulnerabilities can be found here - https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerabilities, an attacker must send a specially crafted file containing 3D content to a user and convince them to open it. The security updates address these vulnerabilities by correcting the way 3D content is handled by Microsoft software.
Overview
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| 3D Viewer | Release Notes (Security Update) |
Important | Remote Code Execution | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) |
Important | Remote Code Execution | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) |
Important | Remote Code Execution | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) |
Important | Remote Code Execution | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) |
Important | Remote Code Execution | No |
| Paint 3D | Release Notes (Security Update) |
Important | Remote Code Execution | Maybe |
Patches
| Article | Type | Restart |
|---|---|---|
Release Notes |
Security Update | Maybe |
Click to Run |
Security Update | No |