The Bug Report | September 2021: CVE-2021-40444

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Why am I here?

There’s a lot of information out there on critical vulnerabilities; this short bug report contains an overview of what we believe to be the most news and noteworthy vulnerabilities. We don’t rely on a single scoring system like CVSS to determine what you need to know about; this is all about qualitative and experience-based analysis, relying on over 100 years of combined industry experience within our team. We look at characteristics such as wormability, ubiquity of the target, likelihood of exploitation and impact. Today, we’ll be focusing on CVE-2021-40444.

CrossView: CVE-2021-40444

What is it?

CVE-2021-40444 is a vulnerability in Office applications which use protected view such as Word, PowerPoint and Excel which allows an attacker to achieve remote code execution (RCE). CVE-2021-40444 is a vulnerability which allows a carefully crafted ActiveX control and a malicious MS Cabinet (.cab) file to be launched from an Office document. 

Most importantly, this vulnerability impacts the applications themselves, as well as the Windows Explorer preview pane.

Who cares?

This is a great question! Pretty much anyone who uses any

Read the article