PATCHAPALOOZA-alien-keric/CVE-2022-30190

PATCHAPALOOZA WORKING POC

Exploit for CVE-2022-30190 - Microsoft Office Word MSDTJS

AI Analysis

This repository contains a functional Python script that generates a malicious HTML payload exploiting CVE-2022-30190 (Follina). The payload leverages the MS-MSDT URI scheme to execute arbitrary commands via PowerShell, bypassing security mechanisms in Microsoft Office.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

Loading exploit code...

Download ZIP Password: eip

Source

Platform Patchapalooza

Type client-side

Files 2

https://github.com/alien-keric/CVE-2022-30190

Authors

JohnHammond alienkeric alien-keric

Vulnerability

CVE-2022-30190

Microsoft Office Word MSDTJS

HIGH KEV

CVSS 7.8