MSHTML zero-day exploited via malicious Office documents — no macros required, just opening the document triggers exploitation. Apply September 2021 patches. Block ActiveX in Office via Group Policy as compensating control.
Microsoft MSHTML Remote Code Execution Vulnerability allows attackers to craft malicious ActiveX controls used by Microsoft Office documents without triggering security warnings.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →