7 matches found
Microsoft MSHTML Flaw the Silent Doorway for MerkSpy Malware
...
Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool
Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities,...
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a...
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by Microsoft this week. Collaborative research by Microsoft and RiskIQ revealed campaigns by Ryuk threat actors early on that exploited the fla...
CVE-2021-40444
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious Active...
Vulnerability found in Microsoft Windows
A vulnerability has been found in Microsoft Windows' MSHTML component. A malicious party could potentially exploit it to execute arbitrary code under the privileges of a user. To do this, the malicious party needs to get the victim to to open a rogue Office document. Microsoft indicates that ther...
The vulnerability of the MSHTML mechanism in the Internet Explorer browser and the Microsoft Office suite allows a hacker to execute arbitrary code.
The vulnerability of the MSHTML mechanism in the Internet Explorer browser and the Microsoft Office suite is related to errors in data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created file...