CVE-2021-40444

Description from NVD

Microsoft MSHTML Remote Code Execution Vulnerability

Information Acquisition Date:2021-11-22T18:00Z
CVSS 2.0: 6.8 MEDIUM CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444
     source:MISC
     tags:Mitigation    Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html
     source:MISC
     tags:Exploit    Third Party Advisory    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Java(1 tweets) Windows(7 tweets)



List of frequently cited URLs

URLNum of Times Referred to
http://twinybots.ch60
https://lists.astaro.com/ASGV9-IPS-rules.html20
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessag...17
https://thehackernews.com/2021/09/new-0-day-attack-targetin...12
https://research.trendmicro.com/3m7VfEz11
https://youtu.be/Oz16xte5UeU7
https://www.nichepcgamer.com/archives/cve-2021-40444-window...7
https://go.shr.lc/3lwUSVd6
https://twitter.com/msftsecresponse/status/14353079490149908506
https://otx.alienvault.com/pulse/613914361364535ed5d60bc46
https://securityaffairs.co/wordpress/122224/security/micros...6
https://blog.segu-info.com.ar/2021/09/zero-day-critico-en-m...6
https://ift.tt/2X1SJ9X5
https://securelist.com/exploitation-of-the-cve-2021-40444-v...5
https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-a...5
https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/m...5
https://www.kaspersky.com/blog/cve-2021-40444-vulnerability...5
https://blog.trendmicro.co.jp/archives/287245
https://noticiasseguridad.com/vulnerabilidades/cve-2021-404...5
https://michaelkoczwara.medium.com/mapping-and-pivoting-cob...5
https://ascii.jp/elem/000/004/070/4070263/4
https://blog.nviso.eu/2021/09/09/kusto-hunting-query-for-cv...4
https://www.ipa.go.jp/security/ciadr/vul/20210908-ms.html4
https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174...4
https://asec.ahnlab.com/ko/28690/4
https://bazaar.abuse.ch/browse/tag/CVE-2021-40444/4
https://therecord.media/microsoft-warns-of-new-ie-zero-day-...4
https://www.jpcert.or.jp/at/2021/at210038.html4
https://krebsonsecurity.com/2021/09/microsoft-attackers-exp...4
https://www.hackplayers.com/2021/09/parche-para-cve-2021-40...4
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-019/4
https://www.securityweek.com/microsoft-office-zero-day-hit-...4
https://blog.malwarebytes.com/reports/2021/09/mshtml-attack...4
https://www.bleepingcomputer.com/news/security/microsoft-sh...4
https://j.mp/3hNnSpo3
http://CERT.LV3
https://buff.ly/3yUkMFF3
http://dlvr.it/S78KzT3
https://msft.it/6011XTGHN3
https://xakep.ru/2021/09/10/cve-2021-3
http://earmas.ga3
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/...3
http://izumino.jp/Security/sec_trend.cgi?ref=tw&ref_date=20...3
https://opsmtrs.com/33G8R113
http://Pastebin.com3
https://isc.sans.edu/diary/rss/278183
https://vx-underground3
http://www.jisaka.com/archives/38706571.html3
https://www.riskiq.com/blog/external-threat-management/wiza...3
https://www.youtube.com/watch?v=Oz16xte5UeU3
https://blog.alyac.co.kr/42623
https://news.yahoo.co.jp/byline/ohmototakashi/20210912-0025...3
https://paper.seebug.org/1718/3
https://www.adslzone.net/noticias/windows/ataque-cve-2021-4...3
https://www.borncity.com/blog/2021/09/10/mshtml-schwachstel...3
https://www.fortinet.com/blog/threat-research/microsoft-msh...3
https://www.huntress.com/blog/cybersecurity-advisory-hacker...3
http://www.kitploit.com/2021/09/cve-2021-40444-poc-maliciou...3
https://www.microsoft.com/security/blog/2021/09/15/analyzin...3
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...3
https://www.anoopcnair.com/deploy-registry-fix-using-intune...3
https://www.trendmicro.com/en_us/research/21/i/remote-code-...3
https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Expl...3
https://ciberseguridad.blog/detectando-ficheros-ofimaticos-...3
https://www.sentinelone.com/blog/peeking-into-cve-2021-4044...3
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j02rIori0KA/3
https://www.kaspersky.com.br/blog/cve-2021-40444-vulnerabil...3
https://kataware.hatenablog.jp/entry/2021/09/12/1659213
https://www.helpnetsecurity.com/2021/09/08/cve-2021-40444/3
https://www.zerodayinitiative.com/blog/2020/7/8/cve-2020-13...3

▼ Show Information from Twitter(114)


List of frequently cited URLs

URLNum of Times Referred to
twinybots.ch60
lists.astaro.com20
citizenlab.ca17
thehackernews.com12
research.trendmicro.com11
youtu.be7
www.nichepcgamer.com7
go.shr.lc6
twitter.com6
otx.alienvault.com6
securityaffairs.co6
blog.segu-info.com.ar6
ift.tt5
securelist.com5
www.mcafee.com5
us-cert.cisa.gov5
www.kaspersky.com5
blog.trendmicro.co.jp5
noticiasseguridad.com5
michaelkoczwara.medium.com5
ascii.jp4
blog.nviso.eu4
www.ipa.go.jp4
threatpost.com4
asec.ahnlab.com4
bazaar.abuse.ch4
therecord.media4
www.jpcert.or.jp4
krebsonsecurity.com4
www.hackplayers.com4
www.cert.ssi.gouv.fr4
www.securityweek.com4
blog.malwarebytes.com4
www.bleepingcomputer.com4
j.mp3
CERT.LV3
buff.ly3
dlvr.it3
msft.it3
xakep.ru3
earmas.ga3
github.com3
izumino.jp3
opsmtrs.com3
Pastebin.com3
isc.sans.edu3
vx-underground3
www.jisaka.com3
www.riskiq.com3
www.youtube.com3
blog.alyac.co.kr3
news.yahoo.co.jp3
paper.seebug.org3
www.adslzone.net3
www.borncity.com3
www.fortinet.com3
www.huntress.com3
www.kitploit.com3
www.microsoft.com3
msrc.microsoft.com3
www.anoopcnair.com3
www.trendmicro.com3
xret2pwn.github.io3
ciberseguridad.blog3
www.sentinelone.com3
feedproxy.google.com3
www.kaspersky.com.br3
kataware.hatenablog.jp3
www.helpnetsecurity.com3
www.zerodayinitiative.com3

▼ Show Information from Twitter(114)


GitHub Search Results: Up to 10
NameURL
lockedbyte/CVE-2021-40444 https://github.com/lockedbyte/CVE-2021-40444
klezVirus/CVE-2021-40444 https://github.com/klezVirus/CVE-2021-40444
Udyz/CVE-2021-40444-Sample https://github.com/Udyz/CVE-2021-40444-Sample
aslitsecurity/CVE-2021-40444_builders https://github.com/aslitsecurity/CVE-2021-40444_builders
Edubr2020/CVE-2021-40444--CABless https://github.com/Edubr2020/CVE-2021-40444--CABless
rfcxv/CVE-2021-40444-POC https://github.com/rfcxv/CVE-2021-40444-POC
DarkSprings/CVE-2021-40444 https://github.com/DarkSprings/CVE-2021-40444
Lagal1990/CVE-2021-40444-docx-Generate https://github.com/Lagal1990/CVE-2021-40444-docx-Generate
ozergoker/CVE-2021-40444 https://github.com/ozergoker/CVE-2021-40444
k8gege/CVE-2021-40444 https://github.com/k8gege/CVE-2021-40444

GitHub Search Results: Up to 10
NameURL
lockedbyte/CVE-2021-40444 github.com
klezVirus/CVE-2021-40444 github.com
Udyz/CVE-2021-40444-Sample github.com
aslitsecurity/CVE-2021-40444_builders github.com
Edubr2020/CVE-2021-40444--CABless github.com
rfcxv/CVE-2021-40444-POC github.com
DarkSprings/CVE-2021-40444 github.com
Lagal1990/CVE-2021-40444-docx-Generate github.com
ozergoker/CVE-2021-40444 github.com
k8gege/CVE-2021-40444 github.com

2021/11/27 Score : 2
Added Har-sia Database : 2021/09/08
Last Modified : 2021/11/27
Highest Scored Date : 2021/09/08
Highest Score : 268