← back
CVE-2023-32046

Windows MSHTML Platform Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 9.1%● KEV
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 9.1%KEV simPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Jul 2023Active exploitation (CISA KEV)
11 Jul 2023Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A security flaw in Windows MSHTML (the rendering engine used by Internet Explorer and other applications) allows an attacker to gain higher-level privileges on a system. This is dangerous because an attacker with low permissions could exploit this to gain administrative control.

Technical detail

Local privilege escalation vulnerability in the MSHTML platform component, exploitable through crafted content or specific API interactions. Requires user interaction or local access; successful exploitation grants elevated privileges, potentially leading to full system compromise.

Summary generated and translated by AI from the official description.
Windows MSHTML Platform Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C