Remote code execution in Microsoft Windows MSHTML platform



Published: 2024-05-14
Risk Critical
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-30040
CWE-ID CWE-254
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Subscribe 		Microsoft Internet Explorer
Client/Desktop applications / Web browsers

Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU89437

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-30040

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation within the Windows MSHTML Platform. A remote attacker can trick the victim to open or load a specially crafted file, bypass OLE mitigations in Microsoft 365 and Microsoft Office and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 11 - 11.1790.17763.0

Windows: before 11 23H2 10.0.22631.3593

Windows Server: before 2022 10.0.20348.2461

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-30040


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###