CVE-2021-34447
published 2021-07-16CVE-2021-34447: Windows MSHTML Platform Remote Code Execution Vulnerability
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Windows MSHTML Platform Remote Code Execution Vulnerability
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19003 | 10.0.10240.19003 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4530 | 10.0.14393.4530 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2061 | 10.0.17763.2061 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1679 | 10.0.18363.1679 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1110 | 10.0.19041.1110 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1110 | 10.0.19042.1110 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1110 | 10.0.19043.1110 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_7 | >= 6.1.0 < 1.001 | 1.001 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 1.001 | 1.001 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20069 | 6.3.9600.20069 |
| microsoft | windows_8.1 | >= 6.3.0 < 1.001 | 1.001 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 1.001 | 1.001 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21167 | 6.0.6003.21167 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 1.001 | 1.001 |
| microsoft | windows_server_2012 | — | — |
GHSA
GHSA-m3r4-hcc8-8q6r: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447
ghsa_unreviewed·2022-05-24·CVSS 6.8
CVE-2021-34497 [MEDIUM] GHSA-m3r4-hcc8-8q6r: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447
Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447.
GHSA
GHSA-jrwr-qw3f-xrg9: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497
ghsa_unreviewed·2022-05-24·CVSS 6.8
CVE-2021-34447 [MEDIUM] GHSA-jrwr-qw3f-xrg9: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497
Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497.
Microsoft
Windows MSHTML Platform Remote Code Execution Vulnerability
vendor_msrc·2021-07-13·CVSS 6.8
CVE-2021-34447 [MEDIUM] Windows MSHTML Platform Remote Code Execution Vulnerability
Windows MSHTML Platform Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.
Windows MSHTML Platform: Windows MSHTML Platform
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-07-16
Published