About this tutorial:
Video duration: 00:04:22
Exploiting MSHTML (CVE 2021 40444) with Metasploit to achieve Remote Code Execution
In this session, we focused on exploiting the recent Microsoft MSHTML vulnerability using Metasploit.
MSHTML is Microsoft’s proprietary browser engine for Internet Explorer. Attackers can attach malicious ActiveX controls in Microsoft Office word doc. Victims only need to open the malicious documents for adversaries to get inside the network.
The attack depends on MSHTML loading a specially crafted ActiveX control when the victim opens a malicious Office document. The loaded ActiveX control can then…