NOMISEC-yrkuo/CVE-2022-30190

NOMISEC WRITEUP

Exploit for CVE-2022-30190 - Microsoft Office Word MSDTJS

AI Analysis

This repository provides a detailed writeup and step-by-step guide for exploiting CVE-2022-30190 (Follina), a remote code execution vulnerability in Microsoft Support Diagnostic Tool (MSDT). It includes instructions for crafting a malicious Word document and setting up a C2 server using a referenced Python script.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1204.002 - Malicious File T1195.002 - Compromise Software Supply Chain

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type local

Files 1

https://github.com/yrkuo/CVE-2022-30190

Stars 0

Forks 0

Last Push Feb 14, 2023

Authors

yrkuo

Vulnerability

CVE-2022-30190

Microsoft Office Word MSDTJS

HIGH KEV

CVSS 7.8