csaf_opensuse - opensuse-su-2024:13674-1

OPENSUSE-SU-2024:13674-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

python310-oletools-0.60.1-1.1 on GA media

Notes

Title of the patch

python310-oletools-0.60.1-1.1 on GA media

Description of the patch

These are all security issues fixed in the python310-oletools-0.60.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-13674

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python310-oletools-0.60.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python310-oletools-0.60.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13674",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13674-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-40444 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-40444/"
      }
    ],
    "title": "python310-oletools-0.60.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13674-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-oletools-0.60.1-1.1.aarch64",
                "product": {
                  "name": "python310-oletools-0.60.1-1.1.aarch64",
                  "product_id": "python310-oletools-0.60.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-oletools-0.60.1-1.1.aarch64",
                "product": {
                  "name": "python311-oletools-0.60.1-1.1.aarch64",
                  "product_id": "python311-oletools-0.60.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-oletools-0.60.1-1.1.aarch64",
                "product": {
                  "name": "python312-oletools-0.60.1-1.1.aarch64",
                  "product_id": "python312-oletools-0.60.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-oletools-0.60.1-1.1.aarch64",
                "product": {
                  "name": "python39-oletools-0.60.1-1.1.aarch64",
                  "product_id": "python39-oletools-0.60.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-oletools-0.60.1-1.1.ppc64le",
                "product": {
                  "name": "python310-oletools-0.60.1-1.1.ppc64le",
                  "product_id": "python310-oletools-0.60.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-oletools-0.60.1-1.1.ppc64le",
                "product": {
                  "name": "python311-oletools-0.60.1-1.1.ppc64le",
                  "product_id": "python311-oletools-0.60.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python312-oletools-0.60.1-1.1.ppc64le",
                "product": {
                  "name": "python312-oletools-0.60.1-1.1.ppc64le",
                  "product_id": "python312-oletools-0.60.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-oletools-0.60.1-1.1.ppc64le",
                "product": {
                  "name": "python39-oletools-0.60.1-1.1.ppc64le",
                  "product_id": "python39-oletools-0.60.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-oletools-0.60.1-1.1.s390x",
                "product": {
                  "name": "python310-oletools-0.60.1-1.1.s390x",
                  "product_id": "python310-oletools-0.60.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-oletools-0.60.1-1.1.s390x",
                "product": {
                  "name": "python311-oletools-0.60.1-1.1.s390x",
                  "product_id": "python311-oletools-0.60.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python312-oletools-0.60.1-1.1.s390x",
                "product": {
                  "name": "python312-oletools-0.60.1-1.1.s390x",
                  "product_id": "python312-oletools-0.60.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-oletools-0.60.1-1.1.s390x",
                "product": {
                  "name": "python39-oletools-0.60.1-1.1.s390x",
                  "product_id": "python39-oletools-0.60.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-oletools-0.60.1-1.1.x86_64",
                "product": {
                  "name": "python310-oletools-0.60.1-1.1.x86_64",
                  "product_id": "python310-oletools-0.60.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-oletools-0.60.1-1.1.x86_64",
                "product": {
                  "name": "python311-oletools-0.60.1-1.1.x86_64",
                  "product_id": "python311-oletools-0.60.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-oletools-0.60.1-1.1.x86_64",
                "product": {
                  "name": "python312-oletools-0.60.1-1.1.x86_64",
                  "product_id": "python312-oletools-0.60.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-oletools-0.60.1-1.1.x86_64",
                "product": {
                  "name": "python39-oletools-0.60.1-1.1.x86_64",
                  "product_id": "python39-oletools-0.60.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-oletools-0.60.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.aarch64"
        },
        "product_reference": "python310-oletools-0.60.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-oletools-0.60.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.ppc64le"
        },
        "product_reference": "python310-oletools-0.60.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-oletools-0.60.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.s390x"
        },
        "product_reference": "python310-oletools-0.60.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-oletools-0.60.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.x86_64"
        },
        "product_reference": "python310-oletools-0.60.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-oletools-0.60.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.aarch64"
        },
        "product_reference": "python311-oletools-0.60.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-oletools-0.60.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.ppc64le"
        },
        "product_reference": "python311-oletools-0.60.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-oletools-0.60.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.s390x"
        },
        "product_reference": "python311-oletools-0.60.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-oletools-0.60.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.x86_64"
        },
        "product_reference": "python311-oletools-0.60.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-oletools-0.60.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.aarch64"
        },
        "product_reference": "python312-oletools-0.60.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-oletools-0.60.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.ppc64le"
        },
        "product_reference": "python312-oletools-0.60.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-oletools-0.60.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.s390x"
        },
        "product_reference": "python312-oletools-0.60.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-oletools-0.60.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.x86_64"
        },
        "product_reference": "python312-oletools-0.60.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-oletools-0.60.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.aarch64"
        },
        "product_reference": "python39-oletools-0.60.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-oletools-0.60.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.ppc64le"
        },
        "product_reference": "python39-oletools-0.60.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-oletools-0.60.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.s390x"
        },
        "product_reference": "python39-oletools-0.60.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-oletools-0.60.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.x86_64"
        },
        "product_reference": "python39-oletools-0.60.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-40444",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-40444"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "\u003cp\u003eMicrosoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\u003c/p\u003e\n\u003cp\u003eAn attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eMicrosoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: \"Suspicious Cpl File Execution\".\u003c/p\u003e\n\u003cp\u003eUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003cstrong\u003eMitigations\u003c/strong\u003e and \u003cstrong\u003eWorkaround\u003c/strong\u003e sections for important information about steps you can take to protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUPDATE\u003c/strong\u003e September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.\u003c/p\u003e\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.aarch64",
          "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.s390x",
          "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.x86_64",
          "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.x86_64",
          "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.aarch64",
          "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.s390x",
          "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.x86_64",
          "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.aarch64",
          "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.s390x",
          "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-40444",
          "url": "https://www.suse.com/security/cve/CVE-2021-40444"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.x86_64",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.x86_64",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.x86_64",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python310-oletools-0.60.1-1.1.x86_64",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-oletools-0.60.1-1.1.x86_64",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python312-oletools-0.60.1-1.1.x86_64",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.aarch64",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.s390x",
            "openSUSE Tumbleweed:python39-oletools-0.60.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-40444"
    }
  ]
}

CVE-2021-40444 (GCVE-0-2021-40444)

Vulnerability from cvelistv5 – Published: 2021-09-15 11:24 – Updated: 2025-10-21 23:25

Summary

Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC
	http://packetstormsecurity.com/files/164210/Micro…	x_refsource_MISC
	http://packetstormsecurity.com/files/165214/Micro…	x_refsource_MISC
	http://packetstormsecurity.com/files/167317/Micro…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Microsoft

Windows 10 Version 1809

Affected: 10.0.0 , < 10.0.17763.2183 (custom)
 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*
 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*
 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*

Microsoft	Windows Server 2019	Affected: 10.0.0 , < 10.0.17763.2183 (custom) cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:::::::*
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.0 , < 10.0.17763.2183 (custom) cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:::::::*
Microsoft	Windows 10 Version 1909	Affected: 10.0.0 , < 10.0.18363.1801 (custom) cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801::::::x86: cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801::::::x64: cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801::::::x64:
Microsoft	Windows 10 Version 21H1	Affected: 10.0.0 , < 10.0.19043.1237 (custom) cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237::::::x64: cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237::::::arm64: cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237::::::x86:
Microsoft	Windows Server 2022	Affected: 10.0.0 , < 10.0.20348.230 (custom) cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:::::::*
Microsoft	Windows 10 Version 2004	Affected: 10.0.0 , < 10.0.19041.1237 (custom) cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237::::::x64:
Microsoft	Windows Server version 2004	Affected: 10.0.0 , < 10.0.19041.1237 (custom) cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:::::::*
Microsoft	Windows 10 Version 20H2	Affected: 10.0.0 , < 10.0.19042.1237 (custom) cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237::::::x86: cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237::::::arm64:
Microsoft	Windows Server version 20H2	Affected: 10.0.0 , < 10.0.19042.1237 (custom) cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:::::::*
Microsoft	Windows 10 Version 1507	Affected: 10.0.0 , < 10.0.10240.19060 (custom) cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060::::::x86: cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060::::::x64:
Microsoft	Windows 10 Version 1607	Affected: 10.0.0 , < 10.0.14393.4651 (custom) cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651::::::x86: cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651::::::x64:
Microsoft	Windows Server 2016	Affected: 10.0.0 , < 10.0.14393.4651 (custom) cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:::::::*
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.0 , < 10.0.14393.4651 (custom) cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:::::::*
Microsoft	Windows 7	Affected: 6.1.0 , < 6.1.7601.25712 (custom) Affected: 6.1.0 , < 1.001 (custom) Affected: 6.1.0 , < 6.1.7601.26221 (custom) cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:::::x86:* cpe:2.3:o:microsoft:windows_7:1.001:sp1:::::x86:* cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:::::x86:*
Microsoft	Windows 7 Service Pack 1	Affected: 6.1.0 , < 6.1.7601.25712 (custom) Affected: 6.1.0 , < 1.001 (custom) Affected: 6.1.0 , < 6.1.7601.26221 (custom) cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:::::x64:* cpe:2.3:o:microsoft:windows_7:1.001:sp1:::::x64:* cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:::::x64:*
Microsoft	Windows 8.1	Affected: 6.3.0 , < 6.3.9600.20120 (custom) Affected: 6.3.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120::::::x86: cpe:2.3:o:microsoft:windows_8.1:1.001::::::x86: cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120::::::x64: cpe:2.3:o:microsoft:windows_8.1:1.001::::::x64: cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:::::::*
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.0 , < 6.0.6003.21218 (custom) Affected: 6.0.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218::::::x64: cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001::::::x64:
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	Affected: 6.0.0 , < 6.0.6003.21218 (custom) Affected: 6.0.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218::::::x64: cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001::::::x64: cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218::::::x86: cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001::::::x86:
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.0 , < 6.0.6003.21218 (custom) Affected: 6.0.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218::::::x86: cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001::::::x86:
Microsoft	Windows Server 2008 R2 Service Pack 1	Affected: 6.1.0 , < 6.1.7601.25712 (custom) Affected: 6.1.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712::::::x64: cpe:2.3:o:microsoft:windows_server_2008_R2:1.001::::::x64:
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	Affected: 6.0.0 , < 6.1.7601.25712 (custom) Affected: 6.0.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712::::::x64: cpe:2.3:o:microsoft:windows_server_2008_R2:1.001::::::x64:
Microsoft	Windows Server 2012	Affected: 6.2.0 , < 6.2.9200.23462 (custom) Affected: 6.2.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462::::::x64: cpe:2.3:o:microsoft:windows_server_2012:1.001::::::x64:
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.0 , < 6.2.9200.23462 (custom) Affected: 6.2.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462::::::x64: cpe:2.3:o:microsoft:windows_server_2012:1.001::::::x64:
Microsoft	Windows Server 2012 R2	Affected: 6.3.0 , < 6.3.9600.20120 (custom) Affected: 6.3.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120::::::x64: cpe:2.3:o:microsoft:windows_server_2012_R2:1.001::::::x64:
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.0 , < 6.3.9600.20120 (custom) Affected: 6.3.0 , < 1.001 (custom) cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120::::::x64: cpe:2.3:o:microsoft:windows_server_2012_R2:1.001::::::x64:

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:10.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165214/Microsoft-Office-Word-MSHTML-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-40444",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "slow"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T03:55:34.906967Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40444"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:32.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40444"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-40444 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2183",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2183",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2183",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.18363.1801",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 21H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19043.1237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.230",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19060",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4651",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4651",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4651",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x86:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows 7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.25712",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.7601.26221",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 7 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.25712",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.7601.26221",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20120",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21218",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21218",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21218",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.25712",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.25712",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.23462",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.23462",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20120",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20120",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.001",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-07T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "\u003cp\u003eMicrosoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\u003c/p\u003e\n\u003cp\u003eAn attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eMicrosoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: \u201cSuspicious Cpl File Execution\u201d.\u003c/p\u003e\n\u003cp\u003eUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003cstrong\u003eMitigations\u003c/strong\u003e and \u003cstrong\u003eWorkaround\u003c/strong\u003e sections for important information about steps you can take to protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUPDATE\u003c/strong\u003e September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.\u003c/p\u003e\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-28T19:37:23.721Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165214/Microsoft-Office-Word-MSHTML-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html"
        }
      ],
      "title": "Microsoft MSHTML Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-40444",
    "datePublished": "2021-09-15T11:24:26.000Z",
    "dateReserved": "2021-09-02T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:32.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2024:13674-1

CVE-2021-40444 (GCVE-0-2021-40444)

Tags

Sightings

Nomenclature