CVE-2018-18447 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).

These issues could result in remote code execution. To verify your application's resistance to these issues, you can run it through an automated scanner like Qualys or through the Paint.NET IRC channel on freenode. You can also follow the instructions in the Security Vulnerability Guidelines (SVGs) to harden your application. Paint.NET before 4.1.2 introduced additional hardening to help prevent these issues.

CVE-2018-18447: Background process execution vulnerability

A vulnerability was discovered in Paint.NET that can allow code execution as a background process on the system. The vulnerability exists when the "Network color" option is set to true, and could result in remote code execution.

Summary

This vulnerability is known as CVE-2018-18447. This vulnerability requires that a user must click on a specially crafted file with Paint.NET before 4.1.2 in order to be exploited. The attacker would then gain the ability to execute code on the target system through a remote code execution vulnerability in the Windows GDI component, which could allow for local privilege escalation and remote code execution of arbitrary code on the targeted system, as well as any other vulnerable application hosted by the same host process.

CSRF vulnerability

One vulnerability affecting Paint.NET is the cross-site request forgery (CSRF) vulnerability, where an attack could cause a user's actions on one site to be executed on a different site without the user's knowledge or consent.
The CSRF vulnerability affects only versions of Paint.NET before 4.1.2, so if you are running an affected version, you should upgrade immediately to ensure your application remains secure.

Microsoft Edge CVE-2018-18447

If you are using Microsoft Edge, see the following advisory for more information on how to verify your application's resistance to these issues.
Microsoft Edge Security Vulnerability Guidance
Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-18447

CSRF attacks

CSRF attacks occur when the attacker tricks a user into clicking on a button, link, or other device that initiates an unwanted action without their consent. Paint.NET before 4.1.2 has protection against CSRF that would make such attacks more difficult to execute successfully.

Timeline

Published on: 10/12/2022 21:15:00 UTC
Last modified on: 10/13/2022 17:39:00 UTC

References

• https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/
• https://www.getpaint.net
• https://www.dotpdn.com
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18447