Vulnerability details
Advisory: SB2024051439 - Remote code execution in Microsoft Windows MSHTML platform
Vulnerable component: Windows
CVE-ID: CVE-2024-30040
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-254 - Security Features
Description:
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation within the Windows MSHTML Platform. A remote attacker can trick the victim to open or load a specially crafted file, bypass OLE mitigations in Microsoft 365 and Microsoft Office and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
External links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30040