module
Microsoft Office Word Malicious MSHTML RCE
| Disclosed |
|---|
| Sep 23, 2021 |
Disclosed
Sep 23, 2021
Description
This module creates a malicious docx file that when opened in Word on a vulnerable Windows
system will lead to code execution. This vulnerability exists because an attacker can
craft a malicious ActiveX control to be used by a Microsoft Office document that hosts
the browser rendering engine.
system will lead to code execution. This vulnerability exists because an attacker can
craft a malicious ActiveX control to be used by a Microsoft Office document that hosts
the browser rendering engine.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.