Skip to main content

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability (CVE-2023-32046)


29 APR 2024



CVE-2023-32046 is a vulnerability in the Windows MSHTML platform that could lead to an Elevation of Privilege (EoP) – essentially allowing a low privilege attacker to execute code in the context of the user or gain high-level access to a system they ordinarily would not have. Exploitation of the vulnerability requires that a user open a specially crafted file.

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convince the user to open the file.

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.



  • Elevation of Privilege (EoP) allowing the attacker to execute arbitrary code on the victim's machine


Affected Products

  • All supported versions of Microsoft Windows