Attacker Value
Unknown
CVE-2021-33742
Attacker Value
Unknown
(2 users assessed)
Exploitability
Unknown
(2 users assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Add Assessment
3
Technical Analysis
Windows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns.
Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links.
A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors
1
Technical Analysis
Based on comments at this thread: https://twitter.com/ShaneHuntley/status/1402320071276433408 we should expect to see a full writeup around July 9th or so from the Google threat assessment team. Seems they will be keeping things close to the vest until then to allow people to patch in the meantime.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Vendors
- microsoft
Products
- windows 10 1507,
- windows 10 1607,
- windows 10 1809,
- windows 10 1909,
- windows 10 2004,
- windows 10 20h2,
- windows 10 21h1,
- windows 7 -,
- windows 8.1 -,
- windows rt 8.1 -,
- windows server 2008 r2,
- windows server 2008 sp2,
- windows server 2012 -,
- windows server 2012 r2,
- windows server 2016,
- windows server 2019
