MSHTML (also known as Trident) is a software component used to render web pages on Windows. Although it’s most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others. This vulnerability allows an attacker to create an ActiveX control to be used by Microsoft Office documents that host the browser rendering engine. The attacker needs to trick the user into opening the malicious document.
Key Pointers:
- Introduction to MSHTML and understanding the vulnerability in it
- Understanding the severity of the vulnerability
- Looking at the CVSS score and covering the scope of impact
- Learning how to mitigate the vulnerability
- Setting up the lab and understanding the exploitation scenario
- Performing the exploit in the lab environment