CVE-2021-40444 Analysis / Exploit


I’m writing the blog post when I have no technical background on this exploit. So I would like to share my experience with it. I saw a lot of people did a proof of concept, so I decided to do something different which is I will get the exploit then I will analyze more and go deep into it, and if you noticed any mistake in my blogpost be DM me on my Twitter account.

I hope I can do something useful, enjoy reading.


This use case aims to partially simulate the server side component of an “in-the-wild-spotted” Office sample which exploits CVE-2021-40444 (MSHTML Remote Code Execution Vulnerability)