KB5075904: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2026)

The remote Windows host is missing security update 5075904. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

KB5077179: Windows 11 Version 26H1 Security Update (February 2026)

The remote Windows host is missing security update 5077179. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

The vulnerability of the MSHTML platform in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided that the user opens a specially crafted file...

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass Vulnerability...

CVE-2023-35628

Windows MSHTML Platform Remote Code Execution Vulnerability...

The vulnerability of the MSHTML platform in Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of the MSHTML platform in Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

The vulnerability of the MSHTML platform in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Microsoft Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the MSHTML platform in Windows operating systems allows attackers to circumvent security restrictions.

The vulnerability of the MSHTML platform in Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions remotely...

CVE-2023-21805

Windows MSHTML Platform Remote Code Execution Vulnerability...

VulnCheck KEV: CVE-2019-0541

Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability...

The vulnerability of the MSHTML mechanism in the Internet Explorer browser, allowing a hacker to execute arbitrary code

The vulnerability of the MSHTML mechanism in the Internet Explorer browser is related to errors in data processing. Exploiting this vulnerability allows a remote attacker to perform arbitrary actions...

CVE-2020-1064

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'...

Microsoft Internet Explorer MSHTML Engine Remote Code Execution Vulnerability

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. A remote code execution vulnerability exists in the MSHTML Engine in Microsoft Internet Explorer versions 9 and 11, which arises from the program failing to properly...

Microsoft MSHTML Engine Input Validation Vulnerability

Microsoft Internet Explorer and others are products of Microsoft Corporation.Microsoft Internet Explorer IE is a web browser.Office 2010 SP2 is an office suite.Microsoft MSHTML engine Office 2010 SP2 is an office suite. Microsoft MSHTML engine is one of the engines used to parse the HTML language...

Internet Explorer CSS SetUserClip Memory Corruption

No description provided by source. $Id: ms10090iecssclip.rb 11610 2011-01-20 19:30:59Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Internet Explorer CSS Recursive Import Use After Free

No description provided by source. $Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

MS11-003 Microsoft Internet Explorer CSS Recursive Import Use After Free

This module exploits a memory corruption vulnerability within Microsoft's HTML engine mshtml. When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the...

Internet Explorer CSS Recursive Import Use After Free

$Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Internet Explorer CSS Recursive Import Use After Free

$Id: ms11xxxiecssimport.rb 11383 2010-12-20 16:34:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption

This module exploits a memory corruption vulnerability within Microsoft's HTML engine mshtml. When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer t...