CVE-2021-34497
published 2021-07-14CVE-2021-34497: Windows MSHTML Platform Remote Code Execution Vulnerability
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Windows MSHTML Platform Remote Code Execution Vulnerability
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19003 | 10.0.10240.19003 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4530 | 10.0.14393.4530 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2061 | 10.0.17763.2061 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1679 | 10.0.18363.1679 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1110 | 10.0.19041.1110 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1110 | 10.0.19042.1110 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1110 | 10.0.19043.1110 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_7 | >= 6.1.0 < 1.001 | 1.001 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 1.001 | 1.001 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20069 | 6.3.9600.20069 |
| microsoft | windows_8.1 | >= 6.3.0 < 1.001 | 1.001 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 1.001 | 1.001 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21167 | 6.0.6003.21167 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 1.001 | 1.001 |
| microsoft | windows_server_2012 | — | — |
GHSA
GHSA-m3r4-hcc8-8q6r: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447
ghsa_unreviewed·2022-05-24·CVSS 6.8
CVE-2021-34497 [MEDIUM] GHSA-m3r4-hcc8-8q6r: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447
Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34447.
GHSA
GHSA-jrwr-qw3f-xrg9: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497
ghsa_unreviewed·2022-05-24·CVSS 6.8
CVE-2021-34447 [MEDIUM] GHSA-jrwr-qw3f-xrg9: Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497
Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497.
Microsoft
Windows MSHTML Platform Remote Code Execution Vulnerability
vendor_msrc·2021-07-13·CVSS 6.8
CVE-2021-34497 [MEDIUM] Windows MSHTML Platform Remote Code Execution Vulnerability
Windows MSHTML Platform Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.
Windows MSHTML Platform: Windows MSHTML Platform
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older
No detection rules found.
No public exploits indexed.
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2021-07-14
Published