
CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

CVSS 8.8 · High | KEV · Ransomware | EPSS 94.33% · P100

Public Exploits 1


I. Basic Information for CVE-2021-40444

Vulnerability Information


Vulnerability Title
Microsoft MSHTML Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability.

UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft MSHTML.DLL Path Traversal Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
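Microsoft MSHTML.DLL is a dynamic link library from Microsoft (USA) used to parse HTML; applications such as IE, Outlook and Outlook Express all use this library. Microsoft MSHTML.DLL contains a path traversal vulnerability: a remote attacker can create a specially crafted Office document carrying a malicious ActiveX control, lure the victim into opening the document, and execute arbitrary code on the system.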
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)


Affected Products

Vendor | Product | Affected Versions | CPE
Microsoft | Windows 10 Version 1809 | 10.0.0 ~ 10.0.17763.2183 | cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*
Microsoft | Windows Server 2019 | 10.0.0 ~ 10.0.17763.2183 | cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0 ~ 10.0.17763.2183 | cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
Microsoft | Windows 10 Version 1909 | 10.0.0 ~ 10.0.18363.1801 | cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*
Microsoft | Windows 10 Version 21H1 | 10.0.0 ~ 10.0.19043.1237 | cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*
Microsoft | Windows Server 2022 | 10.0.0 ~ 10.0.20348.230 | cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*
Microsoft | Windows 10 Version 2004 | 10.0.0 ~ 10.0.19041.1237 | cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*
Microsoft | Windows Server version 2004 | 10.0.0 ~ 10.0.19041.1237 | cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*
Microsoft | Windows 10 Version 20H2 | 10.0.0 ~ 10.0.19042.1237 | cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*
Microsoft | Windows Server version 20H2 | 10.0.0 ~ 10.0.19042.1237 | cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*
Microsoft | Windows 10 Version 1507 | 10.0.0 ~ 10.0.10240.19060 | cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*
Microsoft | Windows 10 Version 1607 | 10.0.0 ~ 10.0.14393.4651 | cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*
Microsoft | Windows Server 2016 | 10.0.0 ~ 10.0.14393.4651 | cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
Microsoft | Windows Server 2016 (Server Core installation) | 10.0.0 ~ 10.0.14393.4651 | cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
Microsoft | Windows 7 | 6.1.0 ~ 6.1.7601.25712 | cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*
Microsoft | Windows 7 Service Pack 1 | 6.1.0 ~ 6.1.7601.25712 | cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*
Microsoft | Windows 8.1 | 6.3.0 ~ 6.3.9600.20120 | cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*
Microsoft | Windows Server 2008 Service Pack 2 | 6.0.0 ~ 6.0.6003.21218 | cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) | 6.0.0 ~ 6.0.6003.21218 | cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
Microsoft | Windows Server 2008 Service Pack 2 | 6.0.0 ~ 6.0.6003.21218 | cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
Microsoft | Windows Server 2008 R2 Service Pack 1 | 6.1.0 ~ 6.1.7601.25712 | cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) | 6.0.0 ~ 6.1.7601.25712 | cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
Microsoft | Windows Server 2012 | 6.2.0 ~ 6.2.9200.23462 | cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
Microsoft | Windows Server 2012 (Server Core installation) | 6.2.0 ~ 6.2.9200.23462 | cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
Microsoft | Windows Server 2012 R2 | 6.3.0 ~ 6.3.9600.20120 | cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.0 ~ 6.3.9600.20120 | cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*

II. Public POCs for CVE-2021-40444

# | POC Description | Source Link
1 | Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 | https://github.com/ozergoker/CVE-2021-40444
2 | CVE-2021-40444 POC | https://github.com/DarkSprings/CVE-2021-40444
3 | None | https://github.com/rfcxv/CVE-2021-40444-POC
4 | Code decompiled from known samples | https://github.com/bambooqj/CVE-2021-40444_EXP_JS
5 | None | https://github.com/Immersive-Labs-Sec/cve-2021-40444-analysis
6 | None | https://github.com/vysecurity/CVE-2021-40444
7 | CVE-2021-40444 Sample | https://github.com/Udyz/CVE-2021-40444-Sample
8 | CVE-2021-40444 PoC | https://github.com/lockedbyte/CVE-2021-40444
9 | None | https://github.com/fengjixuchui/CVE-2021-40444-docx-Generate
10 | None | https://github.com/KnoooW/CVE-2021-40444-docx-Generate
11 | A malicious .cab creation tool for CVE-2021-40444 | https://github.com/mansk1es/Caboom
12 | Reverse engineering the "A Letter Before Court 4.docx" malicious files exploiting cve-2021-40444 | https://github.com/jamesrep/cve-2021-40444
13 | None | https://github.com/W1kyri3/Exploit-PoC-CVE-2021-40444-inject-ma-doc-vao-docx
14 | This repo contains builders of cab file, html file, and docx file for CVE-2021-40444 exploit | https://github.com/aslitsecurity/CVE-2021-40444_builders
15 | POC for CVE-2021-40444 | https://github.com/khoaduynu/CVE-2021-40444
16 | Malicious document builder for CVE-2021-40444 | https://github.com/Jeromeyoung/MSHTMHell
17 | None | https://github.com/k8gege/CVE-2021-40444
18 | CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit | https://github.com/klezVirus/CVE-2021-40444
19 | CVE-2021-40444 - Custom CAB templates from MakeCAB | https://github.com/Udyz/CVE-2021-40444-CAB
20 | Modified code so that we don't need to rely on CAB archives | https://github.com/Edubr2020/CVE-2021-40444--CABless
21 | CVE 2021 40444 Windows Exploit services.dll | https://github.com/kal1gh0st/CVE-2021-40444_CAB_archives
22 | This docx exploit uses res files inside Microsoft .docx file to execute malicious files. This exploit is related to CVE-2021-40444 | https://github.com/LazarusReborn/Docx-Exploit-2021
23 | None | https://github.com/H0j3n/CVE-2021-40444
24 | None | https://github.com/metehangenel/MSHTML-CVE-2021-40444
25 | TIC4301 Project - CVE-2021-40444 | https://github.com/Jeromeyoung/TIC4301_Project
26 | None | https://github.com/TiagoSergio/CVE-2021-40444
27 | An attempt to reproduce Microsoft MSHTML Remote Code Execution (RCE) Vulnerability and using Metasploit Framework. | https://github.com/wh00datz/CVE-2021-40444-POC
28 | Contains the offensive (exploit and auxiliary) modules for the CVE-2021-40444. | https://github.com/Zeop-CyberSec/word_mshtml
29 | None | https://github.com/Alexcot25051999/CVE-2021-40444
30 | None | https://github.com/lisinan988/CVE-2021-40444-exp
31 | CVE-2021-40444 | https://github.com/34zY/Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit
32 | Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit | https://github.com/MRacumen/CVE-2021-40444
33 | None | https://github.com/RedLeavesChilde/CVE-2021-40444
34 | None | https://github.com/nvchungkma/CVE-2021-40444-Microsoft-Office-Word-Remote-Code-Execution-
35 | None | https://github.com/hqdat809/CVE-2021-40444
36 | None | https://github.com/tiagob0b/CVE-2021-40444
37 | An attempt to reproduce Microsoft MSHTML Remote Code Execution (RCE) Vulnerability and using Metasploit Framework. | https://github.com/kagura-maru/CVE-2021-40444-POC
38 | For learning purpose did a complete analysis on CVE-2021-40444 POC (proof of concept) | https://github.com/skitkat/CVE-2021-40444-POC
39 | CVE-2021-40444 Sample | https://github.com/k4k4/CVE-2021-40444-Sample
40 | CVE-2021-40444 - Custom CAB templates from MakeCAB | https://github.com/Phuong39/CVE-2021-40444-CAB
41 | This repository contains scripts and resources for exploiting the Follina CVE and CVE-2021-40444 vulnerabilities in Microsoft Office. The scripts generate malicious document files that can execute arbitrary code on the target system. | https://github.com/basim-ahmad/Follina-CVE-and-CVE-2021-40444

III. Intelligence Information for CVE-2021-40444


Same Patch Batch · Microsoft · 2021-09-15 · 61 CVEs total

CVE-2021-38647 | 9.8 CRITICAL | Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-36965 | 8.8 HIGH | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVE-2021-36954 | 8.8 HIGH | Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2021-26435 | 8.1 HIGH | Windows Scripting Engine Memory Corruption Vulnerability
CVE-2021-36967 | 8.0 HIGH | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVE-2021-38625 | 7.8 HIGH | Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38626 | 7.8 HIGH | Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38628 | 7.8 HIGH | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38655 | 7.8 HIGH | Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38630 | 7.8 HIGH | Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-38656 | 7.8 HIGH | Microsoft Word Remote Code Execution Vulnerability
CVE-2021-38654 | 7.8 HIGH | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-36975 | 7.8 HIGH | Win32k Elevation of Privilege Vulnerability
CVE-2021-38639 | 7.8 HIGH | Win32k Elevation of Privilege Vulnerability
CVE-2021-38648 | 7.8 HIGH | Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38646 | 7.8 HIGH | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-38645 | 7.8 HIGH | Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38644 | 7.8 HIGH | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2021-38653 | 7.8 HIGH | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2021-26434 | 7.8 HIGH | Visual Studio Elevation of Privilege Vulnerability

Showing top 20 of 61 CVEs.

IV. Related Vulnerabilities
