CVE-1999-0489

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013...

EUVD-2023-32899

Malicious code in bioql PyPI...

CVE-2024-30040

CVE-2024-30040 is a Windows MSHTML Platform Security Feature Bypass vulnerability. The affected component is MSHTML (Windows), with a root cause described as a security feature bypass in the MSHTML engine. Impact per CVSS: CVSS 3.1 base score 8.8 (High) affecting confidentiality, integrity, and a...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...

Hackers hit Russian ministry, rocket center using MSHTML vulnerability

By Waqas Microsoft Office zero-day also dubbed MSHTML attack exploited to target Russian government including Interior ministry and State Rocket Center. This is a post from HackRead.com Read the original post: Hackers hit Russian ministry, rocket center using MSHTML vulnerability...

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center MSTIC identified a small number of attacks less than 10 that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as...

CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability

...

PT-2021-3925

Name of the Vulnerable Software and Affected Versions Microsoft MSHTML affected versions not specified Description The vulnerability in Microsoft MSHTML allows remote attackers to execute arbitrary code by using specially crafted Microsoft Office documents. An attacker could craft a malicious...

Microsoft Internet Explorer 11 MSHTML CMapElement::Notify Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the tenth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161114001.html. Follow me on...

Microsoft Internet Explorer 4 Outlook 20005.5 - MSHTML.dll Crash

Microsoft Internet Explorer 4 Outlook 20005.5 - MSHTML.dll Crash source: https://www.securityfocus.com/bid/2202/info MSHTML.DLL is the shared library for parsing HTML in Internet Explorer and related applications. It may be possible for an attacker to crash this library remotely and cause a denia...