DNSTake - A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover
2021-09-16T20:30:00
ID KITPLOIT:5550923684662771880 Type kitploit Reporter KitPloit Modified 2021-09-16T20:30:00
Description
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.
What is a DNS takeover?
DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records the server responds with a SERVFAIL error. This allo ws an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.¹
Installation
from Binary
The ez way! You can download a pre-built binary from releases page , just unpack and run!
DNSTake use RetryableDNS client library to send DNS queries. Initial engagement using Google & Cloudflare DNS as the resolver, then check & fingerprinting the nameservers of target host — if there is one, it will resolving the target host again with its nameserver IPs as resolver, if it gets weird DNS status response (other than NOERROR / NXDOMAIN ), then it's vulnerable to be taken over. More or less like this in form of a diagram.
{"id": "KITPLOIT:5550923684662771880", "bulletinFamily": "tools", "title": "DNSTake - A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover", "description": "[  ](<https://1.bp.blogspot.com/-LGMSUcdo2JM/YUK0T3V-wmI/AAAAAAAAumU/6VQzYIHfowQkYRjUfQivB78oB7xET-I8QCNcBGAsYHQ/s1218/DNSTake.png>)\n\n \n\n\nA fast tool to check missing hosted DNS zones that can lead to subdomain takeover. \n\n \n** What is a DNS takeover? ** \n\n\nDNS takeover [ vulnerabilities ](<https://www.kitploit.com/search/label/vulnerabilities> \"vulnerabilities\" ) occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a [ request for DNS records ](<https://www.diggui.com/#type=A&hostname=github.technology&nameserver=public&public=8.8.8.8&specify=&clientsubnet=&tcp=def&transport=def&mapped=def&nssearch=def&trace=def&recurse=def&edns=def&dnssec=def&subnet=def&cookie=def&all=def&cmd=def&question=def&answer=def&authority=def&additional=def&comments=def&stats=def&multiline=def&short=def&colorize=on> \"request for DNS records\" ) the server responds with a ` SERVFAIL ` error. This allo ws an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.\u00b9 \n\n \n\n\n** Installation ** \n \n** from Binary ** \n\n\nThe ez way! You can download a pre-built binary from [ releases page ](<https://github.com/pwnesia/dnstake/releases> \"releases page\" ) , just unpack and run! \n\n \n** from Source ** \n** NOTE: ** [ Go 1.16+ compiler ](<https://golang.org/doc/install> \"Go 1.16+ compiler\" ) should be installed & configured! \n--- \n \nVery quick & clean! \n \n \n \u25b6 go install github.com/pwnesia/dnstake/cmd/[email\u00a0protected]\n\n \n** \u2014 or ** \n\n\nManual building executable from source code: \n \n \n \u25b6 git clone https://github.com/pwnesia/dnstake \n \u25b6 cd dnstake/cmd/dnstake \n \u25b6 go build . \n \u25b6 (sudo) mv dnstake /usr/local/bin\n\n \n** Usage ** \n\n \n \n $ dnstake -h \n \n \u00b7\u2584\u2584\u2584\u2584 \u2590 \u2584 .\u2584\u2584 \u00b7\u2584\u2584\u2584\u2584\u2584 \u2584\u2584\u2584\u00b7 \u2584 \u2022\u2584 \u2584\u2584\u2584 . \n \u2588\u2588\u25aa \u2588\u2588 \u2022\u2588\u258c\u2590\u2588\u2590\u2588 \u2580.\u2022\u2588\u2588 \u2590\u2588 \u2580\u2588 \u2588\u258c\u2584\u258c\u25aa\u2580\u2584.\u2580\u00b7 \n \u2590\u2588\u00b7 \u2590\u2588\u258c\u2590\u2588\u2590\u2590\u258c\u2584\u2580\u2580\u2580\u2588\u2584\u2590\u2588.\u25aa\u2584\u2588\u2580\u2580\u2588 \u2590\u2580\u2580\u2584\u00b7\u2590\u2580\u2580\u25aa\u2584 \n \u2588\u2588. \u2588\u2588 \u2588\u2588\u2590\u2588\u258c\u2590\u2588\u2584\u25aa\u2590\u2588\u2590\u2588\u258c\u00b7\u2590\u2588 \u25aa\u2590\u258c\u2590\u2588.\u2588\u258c\u2590\u2588\u2584\u2584\u258c \n \u2580\u2580\u2580\u2580\u2580\u2022 \u2580▀ ; \u2588\u25aa \u2580\u2580\u2580\u2580 \u2580\u2580\u2580 \u2580 \u2580 \u00b7\u2580 \u2580 \u2580\u2580\u2580 \n \n (c) pwnesia.org \u2014 v0.0.1 \n \n Usage: \n [stdin] | dnstake [options] \n dnstake -t HOSTNAME [options] \n \n Options: \n -t, --target <HOST/FILE> Define single target host/list to check \n -c, --concurrent <i> Set the concurrency level (default: 25) \n -s, --silent Suppress errors and/or clean output \n -h, --help Display its help \n \n Examples: \n dnstake -t (sub.)domain.tld \n dnstake -t hosts.txt \n cat hosts.txt | dnstake \n subfinder -silent -d domain.tld | dnstake\n\n \n** Workflow ** \n\n\n** DNSTake ** use [ RetryableDNS client library ](<https://github.com/projectdiscovery/retryabledns> \"RetryableDNS client library\" ) to send DNS queries. Initial engagement using Google & Cloudflare DNS as the resolver, then check & [ fingerprinting ](<https://www.kitploit.com/search/label/Fingerprinting> \"fingerprinting\" ) the nameservers of target host \u2014 if there is one, it will resolving the target host again with its nameserver IPs as resolver, if it gets weird DNS status response (other than ` NOERROR ` / ` NXDOMAIN ` ), then it's [ vulnerable ](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) to be taken over. More or less [ like this ](<https://0xpatrik.com/content/images/2018/08/ns_automation-2.png> \"like this\" ) in form of a diagram. \n\nCurrently supported DNS providers, see [ here ](<https://github.com/indianajson/can-i-take-over-dns/blob/97104102c8ce911fd978521c703f26e1c547c613/README.md#dns-providers> \"here\" ) . \n\n \n** References ** \n\n\n * [1] [ https://github.com/indianajson/can-i-take-over-dns#what-is-a-dns-takeover ](<https://github.com/indianajson/can-i-take-over-dns#what-is-a-dns-takeover> \"https://github.com/indianajson/can-i-take-over-dns#what-is-a-dns-takeover\" )\n * [ https://0xpatrik.com/subdomain-takeover-ns/ ](<https://0xpatrik.com/subdomain-takeover-ns/> \"https://0xpatrik.com/subdomain-takeover-ns/\" )\n \n** License ** \n\n\n** DNSTake ** is [ distributed ](<https://www.kitploit.com/search/label/Distributed> \"distributed\" ) under MIT. See ` LICENSE ` . \n\n \n \n\n\n** [ Download Dnstake ](<https://github.com/pwnesia/dnstake> \"Download Dnstake\" ) **\n", "published": "2021-09-16T20:30:00", "modified": "2021-09-16T20:30:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2021/09/dnstake-fast-tool-to-check-missing.html", "reporter": "KitPloit", "references": ["https://github.com/pwnesia/dnstake/releases", "https://www.diggui.com/#type=A&hostname=github.technology&nameserver=public&public=8.8.8.8&specify=&clientsubnet=&tcp=def&transport=def&mapped=def&nssearch=def&trace=def&recurse=def&edns=def&dnssec=def&subnet=def&cookie=def&all=def&cmd=def&question=def&answer=def&authority=def&additional=def&comments=def&stats=def&multiline=def&short=def&colorize=on", "https://github.com/indianajson/can-i-take-over-dns/blob/97104102c8ce911fd978521c703f26e1c547c613/README.md#dns-providers", "https://github.com/projectdiscovery/retryabledns", "https://github.com/pwnesia/dnstake", "https://github.com/indianajson/can-i-take-over-dns#what-is-a-dns-takeover"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "type": "kitploit", "lastseen": "2021-09-25T14:39:46", "edition": 2, "viewCount": 92, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "attackerkb", "idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "kitploit", "idList": ["KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:4033244480100620751", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:2590785192528609562", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005566.NASL"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-09-25T14:39:46", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2021-09-25T14:39:46", "rev": 2}, "vulnersScore": 4.1}, "toolHref": "https://github.com/pwnesia/dnstake", "scheme": null}
{"cve": [{"id": "CVE-2021-40444", "bulletinFamily": "NVD", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "published": "2021-09-15T12:15:00", "modified": "2021-09-24T18:43:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40444", "reporter": "secure@microsoft.com", "references": ["http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "type": "cve", "lastseen": "2021-09-25T07:31:05", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-40444"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "edition": 2, "enchantments": {"dependencies": {"modified": "2021-09-21T07:26:45", "references": [{"idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"], "type": "mmpc"}, {"idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"], "type": "mssecure"}, {"idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"], "type": "securelist"}, {"idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"], "type": "trendmicroblog"}, {"idList": ["CISA:C70D91615E3DC8B589B493118D474566"], "type": "cisa"}, {"idList": ["KITPLOIT:3396416227524978074", "KITPLOIT:7789149205645008870", "KITPLOIT:6008393679699187090", "KITPLOIT:8334430559982524164", "KITPLOIT:5585321654996244426", "KITPLOIT:2497109412964403133", "KITPLOIT:3218206217528709129", "KITPLOIT:2724799502172610063", "KITPLOIT:2841975626077738953", "KITPLOIT:3533159198889921033", "KITPLOIT:1250903811043992946", "KITPLOIT:5290573189034487005", "KITPLOIT:848463820905383105", "KITPLOIT:6917379841953280498", "KITPLOIT:9097171983798210258", "KITPLOIT:587975018929223321", "KITPLOIT:1363445850221033458", "KITPLOIT:6926022659065559653", "KITPLOIT:6214908191767538428", "KITPLOIT:3909605031175924878", "KITPLOIT:3849694762259882650", "KITPLOIT:1209088200888498697", "KITPLOIT:8379580029555907807", "KITPLOIT:6824279770707710960", "KITPLOIT:7170403505817439934", "KITPLOIT:5904935249143201692", "KITPLOIT:8499023585011023148", "KITPLOIT:8789812223087643496", "KITPLOIT:7406299109796896562", "KITPLOIT:8047817273675439648", "KITPLOIT:5453323491288009207", "KITPLOIT:4323259909924086202", "KITPLOIT:5327567625025429751", "KITPLOIT:4335801968943318250", "KITPLOIT:2730776451192307166", "KITPLOIT:1894191446786436040", "KITPLOIT:1031224287377204291", "KITPLOIT:6666619513896093313", "KITPLOIT:7013206783445687496", "KITPLOIT:27055489147920194", "KITPLOIT:5995412546235426596", "KITPLOIT:1403667296775256801", "KITPLOIT:4082474545561945313", "KITPLOIT:4736093442748652862", "KITPLOIT:6124305379505285283", "KITPLOIT:6286724659591250825", "KITPLOIT:94616681014916693", "KITPLOIT:6664657084705195789", "KITPLOIT:2034807463336971538", "KITPLOIT:255016201019478091", "KITPLOIT:2383618563527827243", "KITPLOIT:6640979275825511240", "KITPLOIT:2238576556495942896", "KITPLOIT:1858323494506201112", "KITPLOIT:4174094396192695168", "KITPLOIT:4130716606891191671", "KITPLOIT:9211607077228511225", "KITPLOIT:2568607232564963414", "KITPLOIT:7186371863500249536", "KITPLOIT:3797568159212031050", "KITPLOIT:6355636077585219981", "KITPLOIT:1252319430497901634", "KITPLOIT:8828739412591062572", "KITPLOIT:1526209933324551002", "KITPLOIT:7319610880512463866", "KITPLOIT:6678364144790792737", "KITPLOIT:6660305136605052089", "KITPLOIT:7514230884795260674", "KITPLOIT:7342028505200004147", "KITPLOIT:8725541879369992511", "KITPLOIT:5587090151288507449", "KITPLOIT:1230306373172275879", "KITPLOIT:1456220976477290773", "KITPLOIT:8970937124152019920", "KITPLOIT:6260049232951867559", "KITPLOIT:2607033129013838314", "KITPLOIT:6182648556769164573", "KITPLOIT:3697667464193804316", "KITPLOIT:1091334343635684654", "KITPLOIT:4300516647684705208", "KITPLOIT:3484009587642482927", "KITPLOIT:2732343878050291042", "KITPLOIT:3035518240771157033", "KITPLOIT:7829022271581016235", "KITPLOIT:8894502723099443623", "KITPLOIT:3066113934886614932", "KITPLOIT:3518597037592186309", "KITPLOIT:8465695552472989398", "KITPLOIT:7724252089977941326", "KITPLOIT:6864742450884982183", "KITPLOIT:8435736516028072747", "KITPLOIT:5573861463947209571", "KITPLOIT:5960683155408110323"], "type": "kitploit"}, {"idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"], "type": "attackerkb"}], "rev": 2}, "exploitation": {"modified": "2021-09-21T07:26:45", "wildExploited": true, "wildExploitedSources": [{"idList": ["CISA:C70D91615E3DC8B589B493118D474566"], "type": "cisa"}, {"idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"], "type": "attackerkb"}]}, "score": {"modified": "2021-09-21T07:26:45", "rev": 2, "value": 1.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "refsource": "MISC", "tags": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"}, {"name": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"}], "hash": "9899df15ff1a1d9eec4c5bc4c4eb74d0694b7526ac6ea06357dfd86f71ebf67a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d59ea02040f0470db6cce5cfdec17444", "key": "published"}, {"hash": "00e30dc271717793d3c616d6decd2456", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6751dc280ce1590c246fdcdbc576a018", "key": "references"}, {"hash": "eded758ad8e980c221466f6bf753653a", "key": "href"}, {"hash": "57400fe6adb520f2e030a46569eba62f", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "53b57639ba6ef0b6852046a9f9ad6b32", "key": "extraReferences"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "a6f3b04353e88a0ca03b703bad07e799", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "54b2ef9acf7584e64b335ffdf428763e", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40444", "id": "CVE-2021-40444", "immutableFields": [], "lastseen": "2021-09-21T07:26:45", "modified": "2021-09-20T18:15:00", "objectVersion": "1.6", "published": "2021-09-15T12:15:00", "references": ["http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"], "reporter": "secure@microsoft.com", "title": "CVE-2021-40444", "type": "cve", "viewCount": 34}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 2, "lastseen": "2021-09-21T07:26:45"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-40444"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-09-16T07:26:32", "references": [{"idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"], "type": "mmpc"}, {"idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"], "type": "mssecure"}, {"idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"], "type": "securelist"}, {"idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"], "type": "trendmicroblog"}, {"idList": ["CISA:C70D91615E3DC8B589B493118D474566"], "type": "cisa"}, {"idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"], "type": "attackerkb"}, {"idList": ["KITPLOIT:4016420172389198029", "KITPLOIT:4748972404732044747", "KITPLOIT:559639633408423766", "KITPLOIT:1527985664782395022", "KITPLOIT:2980718249933760573", "KITPLOIT:7325744874909296769", "KITPLOIT:7409171806367586491", "KITPLOIT:6472830821627965994", "KITPLOIT:8923556049154280595", "KITPLOIT:3697667464193804316"], "type": "kitploit"}], "rev": 2}, "exploitation": {"modified": "2021-09-16T07:26:32", "wildExploited": true, "wildExploitedSources": [{"idList": ["CISA:C70D91615E3DC8B589B493118D474566"], "type": "cisa"}, {"idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"], "type": "attackerkb"}]}, "score": {"modified": "2021-09-16T07:26:32", "rev": 2, "value": 1.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "refsource": "MISC", "tags": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"}], "hash": "9d04bec1c5549fc2dc6aa3ea878419ff604a462d10a6a1b6a42eda4845581a77", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d59ea02040f0470db6cce5cfdec17444", "key": "published"}, {"hash": "c672e267260facaf46d59d15d1b24325", "key": "extraReferences"}, {"hash": "00e30dc271717793d3c616d6decd2456", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "eded758ad8e980c221466f6bf753653a", "key": "href"}, {"hash": "57400fe6adb520f2e030a46569eba62f", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "c7ca0c92627ab950fda6461252c1b315", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "a6f3b04353e88a0ca03b703bad07e799", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6d633a9dbd3af10e31d5c88a7fc81086", "key": "modified"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40444", "id": "CVE-2021-40444", "immutableFields": [], "lastseen": "2021-09-16T07:26:32", "modified": "2021-09-15T12:27:00", "objectVersion": "1.6", "published": "2021-09-15T12:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"], "reporter": "secure@microsoft.com", "title": "CVE-2021-40444", "type": "cve", "viewCount": 20}, "different_elements": ["extraReferences", "references", "modified"], "edition": 1, "lastseen": "2021-09-16T07:26:32"}], "edition": 3, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "c1383b95b4189590352555e0c7b21cbd"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d88358896eab99aaa907abf6c6b1daa9"}, {"key": "cpe23", "hash": "f192d519f353da42dabd87a1b66484ee"}, {"key": "cpeConfiguration", "hash": "b14320d6a055b3bde3cfea480d44a8dd"}, {"key": "cvelist", "hash": "57400fe6adb520f2e030a46569eba62f"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "a6f3b04353e88a0ca03b703bad07e799"}, {"key": "extraReferences", "hash": "bd9849036d5cd6f704f3f5aef5e83c89"}, {"key": "href", "hash": "eded758ad8e980c221466f6bf753653a"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "9681be0174138747f6413c7a106e74a8"}, {"key": "published", "hash": "d59ea02040f0470db6cce5cfdec17444"}, {"key": "references", "hash": "6751dc280ce1590c246fdcdbc576a018"}, {"key": "reporter", "hash": "029dfc07c499dc142a429cac0a029e99"}, {"key": "title", "hash": "00e30dc271717793d3c616d6decd2456"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d7be9270fd6bd8d7187d73e3c2807c873bc661554a472498e259cff20c0b86c2", "viewCount": 54, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "kitploit", "idList": ["KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:4033244480100620751", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:2590785192528609562", "KITPLOIT:5550923684662771880", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005566.NASL"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-09-25T07:31:05", "rev": 2}, "exploitation": {"wildExploited": true, "wildExploitedSources": [{"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "attackerkb", "idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}], "modified": "2021-09-25T07:31:05"}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-09-25T07:31:05", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-"], "affectedSoftware": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1809"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1607"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_rt_8.1", "name": "microsoft windows rt 8.1", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2019", "name": "microsoft windows server 2019", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "21h1"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "20h2"}, {"cpeName": "microsoft:windows_7", "name": "microsoft windows 7", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1909"}, {"cpeName": "microsoft:windows_server_2022", "name": "microsoft windows server 2022", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "20h2"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "refsource": "MISC", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"}], "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null}], "attackerkb": [{"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-22T19:44:13", "history": [{"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "1f37681cf42d62a45f11719b45d2ba83", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n\n \n**Recent assessments:** \n \n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\nSounds from Microsoft\u2019s [out-of-band advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) like this is seeing limited, targeted attacks and folks are only vulnerable in non-default configurations (i.e., \u201cby default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack\u201d). All this plus user interaction required = another social engineering opportunity for attackers with specific targets, but probably not a big concern as far as widespread, automated exploitation goes. No patch yet, but sounds like the most out-of-the-box mitigation is just to use the default option of opening docs in a protected manner.\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\nSounds from Microsoft\u2019s [out-of-band advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) like this is seeing limited, targeted attacks and folks are only vulnerable in non-default configurations (i.e., \u201cby default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack\u201d). All this plus user interaction required = another social engineering opportunity for attackers with specific targets, but probably not a big concern as far as widespread, automated exploitation goes. No patch yet, but sounds like the most out-of-the-box mitigation is just to use the default option of opening docs in a protected manner.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-02T00:00:00", "modified": "2021-09-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-09-07T19:45:06", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-40444"]}], "modified": "2021-09-07T19:45:06", "rev": 2}, "score": {"value": 2.3, "vector": "NONE", "modified": "2021-09-07T19:45:06", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {}, "last_activity": "2021-09-07T19:12:00"}, "lastseen": "2021-09-07T19:45:06", "differentElements": ["description", "last_activity", "wildExploitedReports"], "edition": 1}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "ca2b2de2b1543c24a6921fded37825dd", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n\n \n**Recent assessments:** \n \n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\nSounds from Microsoft\u2019s [out-of-band advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) like this is seeing limited, targeted attacks and folks are only vulnerable in non-default configurations (i.e., \u201cby default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack\u201d). All this plus user interaction required = another social engineering opportunity for attackers with specific targets, but probably not a big concern as far as widespread, automated exploitation goes. No patch yet, but sounds like the most out-of-the-box mitigation is just to use the default option of opening docs in a protected manner.\n\n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\nSounds from Microsoft\u2019s [out-of-band advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) like this is seeing limited, targeted attacks and folks are only vulnerable in non-default configurations (i.e., \u201cby default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack\u201d). All this plus user interaction required = another social engineering opportunity for attackers with specific targets, but probably not a big concern as far as widespread, automated exploitation goes. No patch yet, but sounds like the most out-of-the-box mitigation is just to use the default option of opening docs in a protected manner.\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\nSounds from Microsoft\u2019s [out-of-band advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) like this is seeing limited, targeted attacks and folks are only vulnerable in non-default configurations (i.e., \u201cby default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack\u201d). All this plus user interaction required = another social engineering opportunity for attackers with specific targets, but probably not a big concern as far as widespread, automated exploitation goes. No patch yet, but sounds like the most out-of-the-box mitigation is just to use the default option of opening docs in a protected manner.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-02T00:00:00", "modified": "2021-09-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-09-08T01:41:00", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}], "modified": "2021-09-08T01:41:00", "rev": 2}, "score": {"value": 2.1, "vector": "NONE", "modified": "2021-09-08T01:41:00", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {}, "last_activity": "2021-09-07T22:50:00"}, "lastseen": "2021-09-08T01:41:00", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "1715a7966dc575d2ec2c0e380eef354d", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-02T00:00:00", "modified": "2021-09-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-09-08T16:44:46", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:4033244480100620751", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:2590785192528609562", "KITPLOIT:5550923684662771880", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005566.NASL"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-09-08T16:44:46", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-09-08T16:44:46", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {}, "last_activity": "2021-09-07T22:50:00"}, "lastseen": "2021-09-08T16:44:46", "differentElements": ["cvss", "description", "last_activity", "mitre_vector", "modified", "published", "references", "references_categories", "wildExploitedCategory", "wildExploitedReports"], "edition": 3}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-04T22:42:32", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:4033244480100620751", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:2590785192528609562", "KITPLOIT:5550923684662771880", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005566.NASL"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-09-08T16:44:46", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-09-08T16:44:46", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-04T22:42:32", "differentElements": ["href"], "edition": 4}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-04T22:43:47", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:4033244480100620751", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:2590785192528609562", "KITPLOIT:5550923684662771880", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005566.NASL"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-09-08T16:44:46", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-09-08T16:44:46", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-04T22:43:47", "differentElements": ["href"], "edition": 5}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T01:42:30", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:4033244480100620751", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:2590785192528609562", "KITPLOIT:5550923684662771880", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005566.NASL"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-09-08T16:44:46", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-09-08T16:44:46", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T01:42:30", "differentElements": ["href"], "edition": 6}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T01:42:42", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:5187040326820919368", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:3456474172768099634", "KITPLOIT:4033244480100620751"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T01:42:42", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T01:42:42", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T01:42:42", "differentElements": ["href"], "edition": 7}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T04:41:20", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:5187040326820919368", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:3456474172768099634", "KITPLOIT:4033244480100620751"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T01:42:42", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T01:42:42", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T04:41:20", "differentElements": ["href"], "edition": 8}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T04:42:59", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:5187040326820919368", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:3456474172768099634", "KITPLOIT:4033244480100620751"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T01:42:42", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T01:42:42", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T04:42:59", "differentElements": ["href"], "edition": 9}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T07:41:09", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:5187040326820919368", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:3456474172768099634", "KITPLOIT:4033244480100620751"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T01:42:42", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T01:42:42", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T07:41:09", "differentElements": ["href"], "edition": 10}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T10:41:56", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T10:41:56", "differentElements": ["href"], "edition": 11}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T16:44:48", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T16:44:48", "differentElements": ["href"], "edition": 12}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T16:45:26", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T16:45:26", "differentElements": ["href"], "edition": 13}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T19:43:32", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T19:43:32", "differentElements": ["href"], "edition": 14}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-05T22:43:58", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-05T22:43:58", "differentElements": ["href"], "edition": 15}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T01:41:41", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T01:41:41", "differentElements": ["href"], "edition": 16}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T01:41:44", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T01:41:44", "differentElements": ["href"], "edition": 17}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T04:42:22", "history": [], "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T04:42:22", "differentElements": ["href"], "edition": 18}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T07:42:34", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T07:42:34", "differentElements": ["href"], "edition": 19}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T10:46:12", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T10:46:12", "differentElements": ["href"], "edition": 20}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T13:42:05", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T13:42:05", "differentElements": ["href"], "edition": 21}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T13:42:14", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T13:42:14", "differentElements": ["href"], "edition": 22}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T16:46:14", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T16:46:14", "differentElements": ["href"], "edition": 23}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T19:42:27", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T19:42:27", "differentElements": ["href"], "edition": 24}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T22:41:34", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T22:41:34", "differentElements": ["href"], "edition": 25}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-06T22:41:38", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-06T22:41:38", "differentElements": ["href"], "edition": 26}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T01:42:25", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T01:42:25", "differentElements": ["href"], "edition": 27}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T04:41:27", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T04:41:27", "differentElements": ["href"], "edition": 28}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T04:44:14", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T04:44:14", "differentElements": ["href"], "edition": 29}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T07:41:22", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T07:41:22", "differentElements": ["href"], "edition": 30}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T10:41:34", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T10:41:34", "differentElements": ["href"], "edition": 31}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T10:41:41", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T10:41:41", "differentElements": ["href"], "edition": 32}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T13:42:47", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T13:42:47", "differentElements": ["href"], "edition": 33}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T13:42:50", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T13:42:50", "differentElements": ["href"], "edition": 34}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T16:46:24", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T16:46:24", "differentElements": ["href"], "edition": 35}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T16:46:28", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T16:46:28", "differentElements": ["href"], "edition": 36}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T19:41:08", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T19:41:08", "differentElements": ["href"], "edition": 37}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T19:41:11", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T19:41:11", "differentElements": ["href"], "edition": 38}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-07T22:45:59", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-07T22:45:59", "differentElements": ["href"], "edition": 39}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T01:44:08", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T01:44:08", "differentElements": ["href"], "edition": 40}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T04:42:57", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T04:42:57", "differentElements": ["href"], "edition": 41}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T07:42:55", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T07:42:55", "differentElements": ["href"], "edition": 42}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T07:43:11", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T07:43:11", "differentElements": ["href"], "edition": 43}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T11:11:05", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T11:11:05", "differentElements": ["href"], "edition": 44}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T11:12:01", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T11:12:01", "differentElements": ["href"], "edition": 45}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T13:41:12", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T13:41:12", "differentElements": ["href"], "edition": 46}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T13:41:47", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T13:41:47", "differentElements": ["href"], "edition": 47}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T16:50:17", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T16:50:17", "differentElements": ["href"], "edition": 48}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T19:41:28", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T19:41:28", "differentElements": ["href"], "edition": 49}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T19:41:35", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T19:41:35", "differentElements": ["href"], "edition": 50}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T22:41:12", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T22:41:12", "differentElements": ["href"], "edition": 51}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-08T22:41:16", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-08T22:41:16", "differentElements": ["href"], "edition": 52}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T01:42:03", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T01:42:03", "differentElements": ["href"], "edition": 53}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T04:42:04", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T04:42:04", "differentElements": ["href"], "edition": 54}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T07:41:22", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T07:41:22", "differentElements": ["href"], "edition": 55}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T07:41:25", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T07:41:25", "differentElements": ["href"], "edition": 56}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T10:41:08", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T10:41:08", "differentElements": ["href"], "edition": 57}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T13:41:42", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T13:41:42", "differentElements": ["href"], "edition": 58}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T13:42:14", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T13:42:14", "differentElements": ["href"], "edition": 59}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T16:41:25", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T16:41:25", "differentElements": ["href"], "edition": 60}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T19:41:25", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T19:41:25", "differentElements": ["href"], "edition": 61}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-09T22:42:14", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-09T22:42:14", "differentElements": ["href"], "edition": 62}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T01:41:12", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T01:41:12", "differentElements": ["href"], "edition": 63}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T01:41:21", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T01:41:21", "differentElements": ["href"], "edition": 64}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T04:41:42", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T04:41:42", "differentElements": ["href"], "edition": 65}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T04:41:46", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T04:41:46", "differentElements": ["href"], "edition": 66}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T07:41:24", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T07:41:24", "differentElements": ["href"], "edition": 67}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T07:41:27", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T07:41:27", "differentElements": ["href"], "edition": 68}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T10:41:15", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T10:41:15", "differentElements": ["href"], "edition": 69}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T10:41:21", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T10:41:21", "differentElements": ["href"], "edition": 70}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T13:41:55", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T13:41:55", "differentElements": ["href"], "edition": 71}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T13:42:00", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T13:42:00", "differentElements": ["href"], "edition": 72}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T16:41:54", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T16:41:54", "differentElements": ["href"], "edition": 73}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T16:42:01", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T16:42:01", "differentElements": ["href"], "edition": 74}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T19:42:00", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T19:42:00", "differentElements": ["href"], "edition": 75}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T19:42:05", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T19:42:05", "differentElements": ["href"], "edition": 76}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-10T22:45:55", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-10T22:45:55", "differentElements": ["href"], "edition": 77}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T01:42:07", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T01:42:07", "differentElements": ["href"], "edition": 78}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T04:42:47", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T04:42:47", "differentElements": ["href"], "edition": 79}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T04:42:52", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T04:42:52", "differentElements": ["href"], "edition": 80}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T07:42:21", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T07:42:21", "differentElements": ["href"], "edition": 81}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T10:43:00", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:4033244480100620751", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:3697667464193804316", "KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5230148353750207837", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-05T10:41:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-05T10:41:56", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T10:43:00", "differentElements": ["href"], "edition": 82}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T13:42:18", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:3697667464193804316", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:698315176468431184", "KITPLOIT:5187040326820919368"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-11T13:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-11T13:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T13:42:18", "differentElements": ["href"], "edition": 83}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T16:42:06", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:3697667464193804316", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:698315176468431184", "KITPLOIT:5187040326820919368"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-11T13:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-11T13:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T16:42:06", "differentElements": ["href"], "edition": 84}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-11T19:43:22", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5184284878903042540", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:3697667464193804316", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:698315176468431184", "KITPLOIT:5187040326820919368"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}], "modified": "2021-10-11T13:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-11T13:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-11T19:43:22", "differentElements": ["href"], "edition": 85}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T01:42:18", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T01:42:18", "differentElements": ["href"], "edition": 86}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T04:41:21", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T04:41:21", "differentElements": ["href"], "edition": 87}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T07:48:07", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T07:48:07", "differentElements": ["href"], "edition": 88}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T10:41:24", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T10:41:24", "differentElements": ["href"], "edition": 89}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T10:41:30", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T10:41:30", "differentElements": ["href"], "edition": 90}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T13:41:17", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T13:41:17", "differentElements": ["href"], "edition": 91}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T13:41:21", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T13:41:21", "differentElements": ["href"], "edition": 92}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T16:42:12", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T16:42:12", "differentElements": ["href"], "edition": 93}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T16:42:15", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T16:42:15", "differentElements": ["href"], "edition": 94}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T19:41:17", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T19:41:17", "differentElements": ["href"], "edition": 95}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-12T22:41:27", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-12T22:41:27", "differentElements": ["href"], "edition": 96}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T01:59:51", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T01:59:51", "differentElements": ["href"], "edition": 97}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T04:45:26", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T04:45:26", "differentElements": ["href"], "edition": 98}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T07:41:20", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:2590785192528609562", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:1624142243530526923", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-12T01:42:18", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-12T01:42:18", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T07:41:20", "differentElements": ["href"], "edition": 99}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T07:41:23", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:942518396640901655", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:4033244480100620751", "KITPLOIT:2590785192528609562", "KITPLOIT:5187040326820919368", "KITPLOIT:1624142243530526923", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:5550923684662771880"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-13T07:41:23", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-13T07:41:23", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T07:41:23", "differentElements": ["href"], "edition": 100}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T16:42:09", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:942518396640901655", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:4033244480100620751", "KITPLOIT:2590785192528609562", "KITPLOIT:5187040326820919368", "KITPLOIT:1624142243530526923", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:5550923684662771880"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-13T07:41:23", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-13T07:41:23", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T16:42:09", "differentElements": ["href"], "edition": 101}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T16:43:10", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:942518396640901655", "KITPLOIT:5184284878903042540", "KITPLOIT:5230148353750207837", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:4033244480100620751", "KITPLOIT:2590785192528609562", "KITPLOIT:5187040326820919368", "KITPLOIT:1624142243530526923", "KITPLOIT:3697667464193804316", "KITPLOIT:4074521293617632933", "KITPLOIT:5550923684662771880"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005568.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-13T07:41:23", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-13T07:41:23", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T16:43:10", "differentElements": ["href"], "edition": 102}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T19:41:25", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:2590785192528609562", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933", "KITPLOIT:5184284878903042540", "KITPLOIT:5187040326820919368", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:5550923684662771880"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-13T19:41:25", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-13T19:41:25", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T19:41:25", "differentElements": ["href"], "edition": 103}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-13T22:41:26", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:2590785192528609562", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933", "KITPLOIT:5184284878903042540", "KITPLOIT:5187040326820919368", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:5550923684662771880"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-13T19:41:25", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-13T19:41:25", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-13T22:41:26", "differentElements": ["href"], "edition": 104}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T04:41:49", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:2590785192528609562", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933", "KITPLOIT:5184284878903042540", "KITPLOIT:5187040326820919368", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:5550923684662771880"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005569.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-13T19:41:25", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-13T19:41:25", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-14T04:41:49", "differentElements": ["href"], "edition": 105}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T07:41:30", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:942518396640901655", "KITPLOIT:5187040326820919368", "KITPLOIT:4074521293617632933", "KITPLOIT:2590785192528609562", "KITPLOIT:4033244480100620751", "KITPLOIT:3697667464193804316", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:1624142243530526923"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005565.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-14T07:41:30", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-14T07:41:30", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-14T07:41:30", "differentElements": ["href"], "edition": 106}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T13:43:19", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:942518396640901655", "KITPLOIT:5187040326820919368", "KITPLOIT:4074521293617632933", "KITPLOIT:2590785192528609562", "KITPLOIT:4033244480100620751", "KITPLOIT:3697667464193804316", "KITPLOIT:5184284878903042540", "KITPLOIT:3456474172768099634", "KITPLOIT:698315176468431184", "KITPLOIT:5230148353750207837", "KITPLOIT:5550923684662771880", "KITPLOIT:1624142243530526923"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005565.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "threatpost", "idList": ["THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-14T07:41:30", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-14T07:41:30", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-14T13:43:19", "differentElements": ["href"], "edition": 107}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T13:43:24", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933", "KITPLOIT:698315176468431184", "KITPLOIT:4033244480100620751", "KITPLOIT:3697667464193804316", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-14T13:43:24", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-14T13:43:24", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-14T13:43:24", "differentElements": ["href"], "edition": 108}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T19:43:33", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5187040326820919368", "KITPLOIT:5550923684662771880", "KITPLOIT:5184284878903042540", "KITPLOIT:2590785192528609562", "KITPLOIT:1624142243530526923", "KITPLOIT:4074521293617632933", "KITPLOIT:698315176468431184", "KITPLOIT:4033244480100620751", "KITPLOIT:3697667464193804316", "KITPLOIT:942518396640901655", "KITPLOIT:3456474172768099634", "KITPLOIT:5230148353750207837"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "thn", "idList": ["THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005565.NASL"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "threatpost", "idList": ["THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-14T13:43:24", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-14T13:43:24", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-14T19:43:33", "differentElements": ["href"], "edition": 109}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "3d52b470d5472513daaca763ba17c977", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T19:43:36", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5230148353750207837", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:5184284878903042540", "KITPLOIT:5550923684662771880", "KITPLOIT:4033244480100620751", "KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:4074521293617632933", "KITPLOIT:698315176468431184", "KITPLOIT:5187040326820919368", "KITPLOIT:3697667464193804316"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "thn", "idList": ["THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:59AE75C78D4644BFA6AD90225B3DE0C1"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005573.NASL"]}, {"type": "kaspersky", "idList": ["KLA12278", "KLA12277"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510"]}, {"type": "mscve", "idList": ["MS:CVE-2021-40444"]}, {"type": "krebs", "idList": ["KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29"]}, {"type": "mskb", "idList": ["KB5005563"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-10-14T19:43:36", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-10-14T19:43:36", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 3, "exploitability": 2}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": "", "News Article or Blog": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T18:47:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-07T22:50:00"}, {"category": "Vendor Advisory", "source_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "published": "2021-09-09T09:55:00"}, {"category": "News Article or Blog", "source_url": "", "published": "2021-09-10T05:06:00"}, {"category": "Vendor Advisory", "source_url": "https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/", "published": "2021-09-17T14:53:00"}, {"category": "Threat Feed", "source_url": "", "published": "2021-09-17T14:53:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444"], "Miscellaneous": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"]}, "tags": ["requires_interaction", "obscure_configuration"], "mitre_vector": {"Execution": ["Command and Scripting Interpreter: Windows Command Shell(Validated)", "Exploitation for Client Execution(Validated)", "User Execution(Validated)"]}, "last_activity": "2021-09-25T00:00:00"}, "lastseen": "2021-10-14T19:43:36", "differentElements": ["href"], "edition": 110}, {"bulletin": {"id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "hash": "f895324dfc94580c2fd6a7d9a0f2f27a", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-40444", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "published": "2021-09-15T00:00:00", "modified": "2021-09-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/comments/d5168efc-757d-4584-a59f-dd75d566c156", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444", "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"], "cvelist": ["CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-10-14T22:41:48", "history": [], "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-40444"]}, {"type": "kitploit", "idList": ["KITPLOIT:5230148353750207837", "KITPLOIT:3456474172768099634", "KITPLOIT:942518396640901655", "KITPLOIT:5184284878903042540", "KITPLOIT:5550923684662771880", "KITPLOIT:4033244480100620751", "KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:4074521293617632933", "KITPLOIT:698315176468431184", "KITPLOIT:5187040326820919368", "KITPLOIT:3697667464193804316"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "cisa", "idList": ["CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "mssecure", "idList&
