Windows MSHTML Platform Security Feature Bypass Vulnerability - CVE-2024-30040ID: oval:org.secpod.oval:def:10000074 | Date: (C)2024-05-15 (M)2024-05-23 |
Class: VULNERABILITY | Family: windows |
Windows MSHTML Platform Security Feature Bypass Vulnerability. This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows Server |