Attachment: CVE-2021-40444 - MSHTML Remote Code Execution VulnerabilityFeb 21, 2023 · Suspicious attachment CVE-2021-40444 Office exploit ·
Attachment contains an external relationship that attempts to load a remote OLE object, consistent with use in CVE-2021-40444.
On September 7, 2021, Microsoft released details about a zero day RCE vulnerability in MSHTML that affects Microsoft Windows.
According to Microsoft: "we are aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine."