A Microsoft Office MSHTML Remote Code Execution Vulnerability also known as CVE-2021-40444 is used in the Internet Explorer web browser engine and is a component of modern Windows systems, both user and server. The engine is often used by other Microsoft office programs such as Word, Powerpoint, Excel etc to work with web related content.
Attackers exploit this vulnerability by embedding a special object in a Microsoft Office document containing an URL for a malicious script. If a user opens the document, Microsoft Office will download the malicious script from the URL and run it using the MSHTML engine. Then the script can use ActiveX controls to perform malicious actions on the victim’s computer.
This video shows you how to handle Microsoft MSHTML Remote Execution Vulnerability (Active X).