Дата обнаружения
|
07/09/2021 |
Уровень угрозы
|
High |
Описание
|
A remote code execution vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to execute arbitrary code. |
Эксплуатация
|
The following public exploits exists for this vulnerability: https://github.com/ozergoker/CVE-2021-40444 https://github.com/DarkSprings/CVE-2021-40444 https://github.com/rfcxv/CVE-2021-40444-POC https://github.com/bambooqj/CVE-2021-40444_EXP_JS https://github.com/Immersive-Labs-Sec/cve-2021-40444-analysis https://github.com/vysecurity/CVE-2021-40444 https://github.com/Udyz/CVE-2021-40444-Sample https://github.com/zaneGittins/CVE-2021-40444-evtx https://github.com/lockedbyte/CVE-2021-40444 https://github.com/fengjixuchui/CVE-2021-40444-docx-Generate https://github.com/KnoooW/CVE-2021-40444-docx-Generate https://github.com/nightrelax/Exploit-PoC-CVE-2021-40444-inject-ma-doc-vao-docx https://github.com/amartinsec/MSHTMHell https://github.com/mansk1es/Caboom https://github.com/jamesrep/cve-2021-40444 https://github.com/aslitsecurity/CVE-2021-40444_builders https://github.com/khoaduynu/CVE-2021-40444 https://github.com/js-on/CVE-2021-40444 https://github.com/k8gege/CVE-2021-40444 https://github.com/vanhohen/MSHTML-CVE-2021-40444 https://github.com/klezVirus/CVE-2021-40444 https://github.com/Udyz/CVE-2021-40444-CAB https://github.com/gh0stxplt/CVE-2021-40444-URL-Extractor https://github.com/Edubr2020/CVE-2021-40444—CABless https://github.com/kal1gh0st/CVE-2021-40444_CAB_archives https://github.com/LazarusReborn/Docx-Exploit-2021 https://github.com/H0j3n/CVE-2021-40444 https://github.com/factionsypho/TIC4301_Project https://github.com/TiagoSergio/CVE-2021-40444 https://github.com/0xK4gura/CVE-2021-40444-POC https://github.com/Zeop-CyberSec/word_mshtml https://github.com/Jeromeyoung/MSHTMHell https://github.com/metehangenel/MSHTML-CVE-2021-40444 https://github.com/Alexcot25051999/CVE-2021-40444 https://github.com/lisinan988/CVE-2021-40444-exp https://github.com/W1kyri3/Exploit-PoC-CVE-2021-40444-inject-ma-doc-vao-docx Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. |
Пораженные продукты
|
Windows Server 2012 R2 (Server Core installation) |
Решение
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
Первичный источник обнаружения
|
CVE-2021-40444 |
Оказываемое влияние
?
|
ACE
[?]
|
Связанные продукты
|
Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 |
CVE-IDS
|