CVE-2021-33742

EUVD-2021-20419
Windows MSHTML Platform Remote Code Execution Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
7.5 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.18967
microsoftwindows_10_1607
𝑥
< 10.0.14393.4467
microsoftwindows_10_1809
𝑥
< 10.0.17763.1999
microsoftwindows_10_1909
𝑥
< 10.0.18363.1621
microsoftwindows_10_2004
𝑥
< 10.0.19041.1052
microsoftwindows_10_20h2
𝑥
< 10.0.19042.1052
microsoftwindows_10_21h1
𝑥
< 10.0.19043.1052
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.4467
microsoftwindows_server_2019
𝑥
< 10.0.17763.1999
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5003687
1607 (x64, x86)
KB5003638
1809 (arm64, x64, x86)
KB5003646
1909 (arm64, x64, x86)
KB5003635
2004 (arm64, x64, x86)
KB5003637
20H2 (arm64, x86)
KB5003637
21H1 (arm64, x64, x86)
KB5003637
Windows 7
Service Pack 1 (x64, x86)
KB5003667
Service Pack 1 (x64, x86)
KB5003636
Windows 8.1
(x64, x86)
KB5003671
(x64, x86)
KB5003636
Windows RT 8.1
All
KB5003671
Windows Server 2008
Service Pack 2 (x64, x86)
KB5003636
Service Pack 2 (x64, x86)
KB5003661
Windows Server 2008 R2
Service Pack 1 (x64)
KB5003667
Service Pack 1 (x64)
KB5003636
Windows Server 2012
Standard
KB5003636
Standard
KB5003697
Windows Server 2012 R2
Standard
KB5003671
Standard
KB5003636
Windows Server 2016
Standard
KB5003638
Windows Server 2019
Standard
KB5003646
Common Weakness Enumeration
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33742