D
darkc0des
Original poster
as there is no any available builder for this
CVE-2021-40444 remote code execution vulnerability in MSHTML
Office 2019 / Office 365 on Windows 10 (typical user environment)
The exploit uses logical flaws so the exploitation is perfectly reliable
the rendering engine used by IE and succeeded by EdgeHTML in the newer Edge browser
there is no patch there is only Defender Antivirus detection and i managed to bypass it.
the only way to stop the attack is disabling installation of all ActiveX controls in IE.
the vulnerability in RTF files, which do not benefit from Office's Protected View security feature.
DEMO:
mail: [email protected]
CVE-2021-40444 remote code execution vulnerability in MSHTML
Office 2019 / Office 365 on Windows 10 (typical user environment)
The exploit uses logical flaws so the exploitation is perfectly reliable
the rendering engine used by IE and succeeded by EdgeHTML in the newer Edge browser
there is no patch there is only Defender Antivirus detection and i managed to bypass it.
the only way to stop the attack is disabling installation of all ActiveX controls in IE.
the vulnerability in RTF files, which do not benefit from Office's Protected View security feature.
DEMO:
mail: [email protected]