microsoft MSHTML remote code execution [CVE-2021-40444] research paper
Security Research

Microsoft MSHTML Remote Code Execution [CVE-2021-40444]

MSHTML (also known as Trident) is a software component used to render web pages on Windows. Although it’s most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others. This vulnerability allows an attacker to create an ActiveX control to be used by Microsoft Office documents that host the browser rendering engine. The attacker needs to trick the user into opening the malicious document.

Key Pointers:
  • Introduction to MSHTML and understanding the vulnerability in it
  • Understanding the severity of the vulnerability
  • Looking at the CVSS score and covering the scope of impact
  • Learning how to mitigate the vulnerability
  • Setting up the lab and understanding the exploitation scenario
  • Performing the exploit in the lab environment

Brands that
trust our competence

Explore more
kfc logo
discover logo
adp logo
adbed bath beyond logo
expedia logo
chipotle logo
Mosaic Insurance logo
dell logo
fannie-mae logo
 maersk logo
 gsk logo
 wiz logo
 bt logo