Microsoft MSHTML Remote Code Execution [CVE-2021-40444] | Safe Security

Home Resources Security Research Microsoft MSHTML Remote Code Execution [CVE-2021-40444]

MSHTML (also known as Trident) is a software component used to render web pages on Windows. Although it’s most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others. This vulnerability allows an attacker to create an ActiveX control to be used by Microsoft Office documents that host the browser rendering engine. The attacker needs to trick the user into opening the malicious document.

Key Pointers:

Introduction to MSHTML and understanding the vulnerability in it
Understanding the severity of the vulnerability
Looking at the CVSS score and covering the scope of impact
Learning how to mitigate the vulnerability
Setting up the lab and understanding the exploitation scenario
Performing the exploit in the lab environment

Brands that
trust our competence

Related Resources

heap based buffer overflow vulnerability research paper

Heap-Based Overflow Vulnerability in Sudo [CVE-2021-3156]Read More

ubuntu overlays privesc vulnerability

Ubuntu OverlayFS Local Privesc VulnerabilityRead More

heartbleed attack cybersecurity research paper

Heartbleed AttackRead More

linux firewall guide research paper

A Beginners Guide to Linux FirewallRead More

insecure deserialzation research paper

Introduction to Insecure DeserializationRead More

linux privilege escalation research paper

Understanding and Exploiting Zerologon Read More