Trusted Design

Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

概要

Microsoft OLE uses the URL Moniker to processes remotely-linked content in a vulnerable manner. The remote content is opened based on the application associated with the server-provided MIME type. Some MIME types are dangerous, as they can result in code execution. For example, the application/hta mime type is associated with mshta.exe. Opening arbitrary HTA content is equivalent to executing arbitrary code. This vulnerability is reportedly being exploited in the wild. The exploits used in the wild have the following characteristics.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

• Microsoft Office OLE2Link vulnerability samples - a quick triage (score: 0.55)
• CVE-2015-0097 Exploited in the Wild (score: 0.55)
• FIREEYE: Office Encapsulated PostScript & Priv Escalation 0days (score: 0.52)
• Malicious Word document delivers LuminosityLink RAT (score: 0.52)
• 9002 Trojan via Google Drive Tiny URL (score: 0.51)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る