6.8
CVSSv2

CVE-2021-33742

Published: 08/06/2021 Updated: 14/06/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability. Functional exploit code is available. The code works in most situations where the vulnerability exists.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 1607

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 10 2004

microsoft windows 7 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows server 2008 r2

microsoft windows server 2008 sp2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows server 2016 1909

microsoft windows server 2016 2004

microsoft windows server 2016 20h2

Github Repositories

Beacon23 Beacon23 - A Vulnerability Finder A Simple REST API to process National Vulnerability Database - cve modified data feed and display that data A client application can call these APIs to display the data with nice visualization The backend Spring Boot application processes the data feed JSON file and stores the data in H2 In-Memory database (NOTE - this is only for de

Recent Articles

Google fixes actively exploited Chrome zero‑day
welivesecurity • 10 Jun 2021

Google has rolled out an update for its Chrome web browser to fix a bunch of security flaws, including a zero-day vulnerability that is known to be actively exploited by threat actors. The bugs affect the Windows, macOS, and Linux versions of the browser.
“Google is aware that an exploit for CVE-2021-30551 exists in the wild,” reads Google’s security update describing the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is...

Chrome Browser Bug Under Active Attack
Threatpost • Tom Spring • 10 Jun 2021

Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue.
In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome desktop browser.
“Google is aware that an exploit for CVE-2021-30551 exists in the wild,” wrote Chrome technical program manager Prudhvikumar Bommana in a Wednesday post. That exp...

Extra urgency in June's Patch Tuesday: Microsoft warns six more bugs are being exploited
The Register • Iain Thomson in San Francisco • 09 Jun 2021

Adobe, Intel, SAP, Android emit vulnerability fixes, too

Patch Tuesday Microsoft's traditional Patch Tuesday saw the software giant release fixes for 50 flaws, and a reminder to apply updates as soon as possible because six of them are being exploited in the wild by miscreants.
Potentially the most serious of the six, CVE-2021-33742, allows for remote code execution via the Windows MSHTML Platform. Details of this security hole have been disclosed in some form, we're told. Shane Huntley, director of the Google's Threat Analysis Group, noted a ...

Google fixes sixth Chrome zero-day exploited in the wild this year
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.
Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.
Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to 
 > 
...