Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-69088
HistorySep 08, 2021 - 12:00 a.m.

Microsoft MSHTML Remote Code Execution Vulnerability

2021-09-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
13

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

MSHTML (also known as Trident) is Microsoft’s Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability exists in Microsoft MSHTML. An attacker could exploit this vulnerability by crafting a Microsoft Office document with a malicious ActiveX control and tricking a user into opening the document. A remote attacker who successfully exploits this vulnerability could execute arbitrary code on the target system with that user’s privileges.

CPENameOperatorVersion
microsoft windowseq8.1

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P