|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-09-10 | |
| Rule Name: | Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Microsoft MSHTML.DLL is a dynamic link library used by Microsoft Corporation to parse HTML language. Applications such as IE, Outlook, and Outlook Express all use this dynamic link library. The vulnerability is in MSHTML, Internet Explorer’s engine. A remote attacker can create a specially crafted Office document with malicious ActiveX controls to trick the victim to open the document and execute arbitrary code on the system. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 https://www.trendmicro.com/en_my/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://docs.microsoft.com/en-us/windows/win32/devnotes/mshtml2 |