This is a critical vulnerability in the MSHTML rendering engine. Microsoft Office applications use the MSHTML engine to process and display web content. An adversary who successfully exploits could achieve full control over a target system by using malicious ActiveX controls to execute arbitrary code.
This Update contains the following improvements:
-Default Connection method was changed to HTTPS
-Early Release Warning was removed
-Several "Application Name" in "Supported systems" property were added
-Added html obfuscation when possible to avoid AV detection
-All file names are randomized
-Now users can choose between using cab file method or not
This Update contains the following improvements:
-Default Connection method was changed to HTTPS
-Early Release Warning was removed
-Several "Application Name" in "Supported systems" property were added
-Added html obfuscation when possible to avoid AV detection
-All file names are randomized
-Now users can choose between using cab file method or not
CVE Link
Exploit Platform
Exploit Type
Product Name