R0 CREW

CVE-2021-40444 Analysis / Exploit

Intro

I’m writing the blog post when I have no technical background on this exploit. So I would like to share my experience with it. I saw a lot of people did a proof of concept, so I decided to do something different which is I will get the exploit then I will analyze more and go deep into it, and if you noticed any mistake in my blogpost be DM me on my Twitter account.

I hope I can do something useful, enjoy reading.

https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/

This use case aims to partially simulate the server side component of an “in-the-wild-spotted” Office sample which exploits CVE-2021-40444 (MSHTML Remote Code Execution Vulnerability)

https://github.com/felixweyne/imaginaryC2/tree/master/examples/use-case-10-CVE-2021-40444