Microsoft MSHTML Remote Code Execution (CVE-2021-40444)

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

The experts at GoSecure Titan Labs are aware of a new 0-day Remote Code Execution (RCE) vulnerability in Microsoft Windows. Our team of investigators has identified a mitigation and remediation strategy that technology professionals can use to address this emerging challenge swiftly.

This vulnerability has been given the CVE identifier of CVE-2021-40444. This vulnerability uses specially crafted Microsoft Word documents to create an ActiveX control that will execute malicious code upon opening the document. ActiveX is a Microsoft Framework designed to allow applications to share data through web browsers. Released in 1996, it has been criticized for almost a decade. However, ActiveX remains a part of Internet Explorer for backwards compatibility.

The post Microsoft MSHTML Remote Code Execution (CVE-2021-40444) appeared first on GoSecure.

Read the article