Microsoft Office Word MSDTJS
Title source: metasploit
Exploitation Summary
CVE-2022-30190 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 14, 2022, with confirmed use in ransomware campaigns.
EIP tracks 97 public exploits from researchers including komomon, JMousqueton, and onecloudemoji, as well as a Metasploit module, exploits/windows/fileformat/word_msdtjs_rce.
AI-analyzed exploit summary
This is a Python-based exploit for CVE-2022-30190 (Follina), which leverages a Microsoft Office MSDT vulnerability to achieve remote code execution via malicious Word documents. The script generates a weaponized .docx file that triggers arbitrary command execution or binary loading when opened.
Description
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
Exploits (97)
This is a Python-based exploit for CVE-2022-30190 (Follina), which leverages a Microsoft Office MSDT vulnerability to achieve remote code execution via malicious Word documents. The script generates a weaponized .docx file that triggers arbitrary command execution or binary loading when opened.
This repository contains a proof-of-concept exploit for CVE-2022-30190, a Microsoft Office RCE vulnerability (Follina) that leverages the MSDT URI scheme to execute arbitrary commands via malicious Word documents. The PoC includes a Python script to generate a malicious docx file and a payload HTML file that triggers the vulnerability.
This repository contains a proof-of-concept exploit for CVE-2022-30190 (Follina), a Microsoft Office remote code execution vulnerability. The exploit involves hosting an HTML file on a local server and tricking a user into opening a malicious DOCX file, which then executes arbitrary code (e.g., launching calc.exe).
This repository contains a proof-of-concept for CVE-2022-30190, a Microsoft Office Word RCE vulnerability. The exploit leverages an external OLE object reference in a docx file to execute arbitrary code via the ms-msdt URI scheme.
This PoC exploits CVE-2022-30190 (Follina) by crafting a malicious Word document that triggers MS-MSDT via an external HTTP server. It supports arbitrary command execution or reverse shell payloads, leveraging PowerShell and base64 encoding to bypass restrictions.
This repository provides a detailed analysis of CVE-2022-30190, including its timeline, detection strategies, and mitigation plans. It does not contain exploit code but offers IOCs and detection rules for security teams.
This repository contains a Python-based CLI tool for exploiting CVE-2022-30190 (Follina), a zero-day vulnerability in Microsoft Office's MSDT. It supports malicious command execution and reverse shell establishment via NetCat, with options for .doc, .docx, and .rtf file formats.
This PoC extracts payload URLs from malicious docx and rtf files exploiting CVE-2022-30190 (Follina). It parses embedded URLs in document relationships or RTF objects, aiding in analysis of exploit documents.
This is a Go-based scanner tool designed to detect the presence of the Follina exploit (CVE-2022-30190) in Office documents by analyzing embedded URLs and checking for the 'ms-msdt' string in HTTP responses.
This is a functional PoC for CVE-2022-30190 (Follina), which exploits a remote code execution vulnerability in Microsoft Support Diagnostic Tools (MSDT) via malicious Office documents. The script generates a weaponized document and serves a payload to trigger arbitrary command execution.
This repository provides a detailed proof-of-concept for CVE-2022-30190, leveraging the MS-MSDT Follina vulnerability to achieve remote code execution via malicious Office documents. It includes step-by-step instructions for crafting exploit files and multiple payload examples.
This is a Go-based PoC for CVE-2022-30190 (Follina), which exploits a remote code execution vulnerability in Microsoft Office via malicious Word documents. The tool generates a weaponized .docx file and hosts a server to deliver the payload.
This repository contains a functional PoC exploit for CVE-2022-30190 (Follina), a Microsoft Office RCE vulnerability. The exploit generates a malicious Word document that triggers arbitrary command execution via MSDT when opened.
This repository provides a PoC for CVE-2022-30190 (Follina), a vulnerability in Microsoft Support Diagnostic Tool (MSDT) that allows remote code execution via a malicious Word document. The exploit requires modifying the document's XML relationships file to include a malicious payload.
This PoC exploits CVE-2022-30190 (Follina) via a crafted PowerPoint (PPSX) file that loads a malicious HTML payload from a remote server. The exploit leverages the MSDT URL protocol handler to achieve remote code execution (RCE).
This repository contains a functional Python-based exploit for CVE-2022-30190 (Follina), which leverages the MSDT URI scheme to execute arbitrary commands or establish a reverse shell via malicious Office documents. The tool generates weaponized .doc, .docx, or .rtf files and includes a 0-click RTF variant.
This repository contains a Python-based exploit for CVE-2022-30190 (Follina), a Microsoft Office MSDT vulnerability. It generates malicious Office documents (DOC, DOCX, RTF) that execute arbitrary commands or reverse shells via the MSProtocol URI scheme.
This repository contains a Java-based Spring Boot application that generates malicious Office documents exploiting CVE-2022-30190 (Follina), a critical RCE vulnerability in Microsoft Office via the MSDT protocol. It provides a web interface for payload creation and Docker support for easy deployment.
This repository contains a Python script to generate a malicious Word document exploiting CVE-2022-30190 (MS-MSDT Follina). The exploit leverages a remote template injection to execute arbitrary code via PowerShell when the document is opened.
This PoC exploits CVE-2022-30190 (Follina) by generating a malicious Word document that triggers remote code execution via a crafted URL. It includes a server to host the payload and demonstrates the vulnerability by launching calc.exe by default.
This repository provides a PowerShell script to mitigate CVE-2022-30190 by removing the vulnerable 'ms-msdt' registry key. The script is a remediation tool rather than an exploit, but it directly addresses the vulnerability by disabling the attack vector.
This PoC exploits CVE-2022-30190 (Follina) by generating a malicious Word document that triggers remote code execution via the MSDT URL protocol handler. It hosts a malicious HTML payload and sets up a netcat listener for a reverse shell.
This repository provides PowerShell scripts to detect and remediate CVE-2022-30190 (Follina) by removing the MSDT registry key. The scripts check for the presence of the vulnerable registry key and delete it to prevent exploitation.
This repository contains a Spring Boot application that generates malicious Word documents to exploit CVE-2022-30190 (Follina), a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT). It provides both server-side and client-side payload delivery mechanisms.
This repository provides a detailed writeup and references for CVE-2022-30190, a remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT). It includes links to PoC repositories, mitigation guidance, and Microsoft Sentinel hunting queries for detection.
This repository contains a PowerShell script to detect and mitigate the Follina MSDT vulnerability (CVE-2022-30190) by checking for the presence of the MSDT URL Protocol registry key and optionally disabling it. It also provides functionality to backup and restore the registry key.
This repository contains a functional PoC for CVE-2022-30190, leveraging the MS-MSDT 'Follina' vulnerability to execute arbitrary commands via a malicious Word document. It includes an HTTP server to stage payloads, supporting both direct command execution and reverse shell capabilities.
This NSIS script automates the application and rollback of the registry-based mitigation for CVE-2022-30190 (Follina) by removing or restoring the `HKCR\ms-msdt` registry key. It is a mitigation tool rather than an exploit, designed to temporarily disable the vulnerable MSDT URL protocol handler.
This repository contains a C#-based proof-of-concept exploit for CVE-2022-30190, which is a Microsoft Office remote code execution vulnerability. The exploit collects targeted file types from the victim's system, compresses them, and exfiltrates them to a remote server.
This Go-based PoC exploits CVE-2022-30190 (Follina) by generating a malicious Word document that triggers remote code execution via MSDT. It hosts a payload server to deliver a reverse shell executable.
The repository provides a minimal Python HTTP server to serve an exploit.html file for CVE-2022-30190 (Microsoft Office RCE via MSDT). However, the actual exploit payload (exploit.html) is missing, making this a stub.
This repository contains a functional proof-of-concept exploit for CVE-2022-30190 (Follina), a remote code execution vulnerability in Microsoft Office. It includes tools to generate malicious documents and payloads, as well as defensive scripts to detect and mitigate the exploit using Sysmon logs.
This repository provides a README describing a tool to disable the MSDT protocol as a mitigation for CVE-2022-30190 (Follina). It does not contain exploit code but explains a workaround for the vulnerability.
This repository provides an unofficial patch for CVE-2022-30190 (Follina) by modifying registry settings as per Microsoft's guidelines. It includes a batch script to apply the patch and create a backup of the registry file.
This repository contains a functional proof-of-concept exploit for CVE-2022-30190 (Follina), a Microsoft Office remote code execution vulnerability. The exploit generates a malicious Word document that triggers arbitrary PowerShell command execution via the MSDT URL protocol handler.
This repository provides a Python script to patch CVE-2022-30190 (Follina) by deleting the vulnerable registry key 'HKEY_CLASSES_ROOT\ms-msdt'. It includes an option to back up the registry key before deletion.
This repository provides a detailed analysis of CVE-2022-30190, a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability. It includes a timeline, detection strategies, IOCs, and mitigation plans but does not contain actual exploit code.
This PoC generates a malicious HTML payload exploiting CVE-2022-30190 (Follina) to achieve remote code execution via the MS-MSDT protocol. It encodes a PowerShell command in base64 to download and execute a reverse shell.
This repository contains a working PoC for CVE-2022-30190 (Follina), which exploits a remote code execution vulnerability in Microsoft Office via malicious Word documents. It includes an automated attack chain with Gmail-based C2 (gdog) and image steganography for payload delivery.
This repository contains a Python script that generates a malicious Word document exploiting CVE-2022-30190 (Follina). The exploit leverages the MS-MSDT protocol to execute arbitrary commands, including launching a reverse shell via netcat.
This repository contains a functional exploit for CVE-2022-30190 (Follina), which leverages MS-MSDT via malicious Word documents to achieve remote code execution. The exploit generates a weaponized document and hosts an HTTP server to deliver the payload, supporting commands like calc.exe, cmd.exe, or reverse shells.
This repository contains a Python script and documentation for exploiting CVE-2022-30190, a remote code execution vulnerability in Microsoft Support Diagnostic Tool (MSDT) via malicious Word documents. The exploit leverages OLE objects and external HTML references to execute arbitrary commands without requiring macros.
This PoC exploits CVE-2022-30190 (Follina) by generating a malicious Word document that leverages the MS-MSDT URL protocol to execute arbitrary commands via a crafted HTML payload. It includes options for direct command execution or a reverse shell using netcat.
This is a Python-based exploit for CVE-2022-30190 (Follina), which leverages a Microsoft Office remote code execution vulnerability via malicious document generation. The PoC includes options for command execution or reverse shell payloads.
This repository contains information about a compromised certificate used by Click Studios, including certificate details and an Advanced Hunting query for detection. It does not include exploit code but provides forensic details for identifying affected systems.
This repository contains PowerShell scripts to mitigate CVE-2022-30190 (Follina) by backing up and removing the vulnerable registry key (HKEY_CLASSES_ROOT\ms-msdt). It also includes a script for mitigating a related 'Search' vulnerability.
This PoC generates a malicious Word document and HTML file exploiting CVE-2022-30190 (Follina) to achieve remote code execution via the Microsoft Support Diagnostic Tool (MSDT). The exploit leverages a crafted URL scheme to execute PowerShell commands or download/execute payloads.
This PoC exploits CVE-2022-30190 (Follina) by generating a malicious Word document that triggers remote code execution via the MS-MSDT protocol. It includes an HTTP server to serve the payload and supports reverse shell functionality.
This repository contains a proof-of-concept exploit for CVE-2022-30190 (Follina), a Microsoft Office remote code execution vulnerability. The exploit involves hosting an HTML file and tricking a user into opening a malicious DOCX file, which then executes arbitrary code (e.g., launching calc.exe).
This repository contains a README describing CVE-2022-30190, a zero-click RCE vulnerability in MSDT (Microsoft Support Diagnostic Tool). No exploit code is present.
This repository contains a README file referencing CVE-2022-30190 (Follina), a Microsoft Office RCE vulnerability. It notes that a specific commit does not work but does not provide functional exploit code.
This repository provides a detailed technical analysis of CVE-2022-30190 (Follina), including lab setup, attack chain, IDS detection, and mitigation steps. It includes references to external tools and files but does not contain functional exploit code.
This repository provides a detailed technical analysis and proof-of-concept for CVE-2022-30190 (Follina), including exploit generation, forensic analysis, and mitigation patching. It includes a well-documented explanation of the vulnerability, exploit chain, and patch effectiveness.
This repository contains a detailed static analysis of the Follina exploit (CVE-2022-30190), focusing on the malicious Word document's behavior, VirusTotal results, and MITRE ATT&CK techniques. It provides technical insights into the exploit's mechanisms without including functional exploit code.
This repository is a static malware analysis writeup documenting the investigation of a malicious Microsoft Word document exploiting CVE-2022-30190 (Follina). It includes steps for file observation, VirusTotal analysis, MITRE ATT&CK technique mapping, and URL analysis.
This repository is a detailed writeup and analysis of the Follina (CVE-2022-30190) vulnerability, including investigation steps, log analysis, and threat intelligence findings. It does not contain exploit code but provides a comprehensive breakdown of the attack vector and mitigation steps.
This repository provides a detailed technical analysis of CVE-2022-30190 (Follina), including the vulnerability's root cause, exploitation steps, and mitigation strategies. It includes a step-by-step breakdown of how the ms-msdt protocol is abused for remote code execution in Microsoft Office.
This repository contains a detailed analysis and educational writeup of the Follina vulnerability (CVE-2022-30190) in Microsoft Office, including mitigation strategies. It does not include functional exploit code but provides research context.
This repository appears to be a writeup or documentation project for CVE-2022-30190 (Follina), focusing on exploitation, detection, and mitigation. No actual exploit code is present in the provided README.
This repository is a writeup for CVE-2022-30190 (Follina), detailing exploitation and mitigation strategies. It references external exploit code but does not contain direct exploit implementation.
This repository contains a functional PoC for CVE-2022-30190 (Follina), a Microsoft Office RCE vulnerability. It includes tools to generate malicious RTF documents and extract payloads from infected files.
This is a Go-based scanner tool designed to detect the presence of the Follina exploit (CVE-2022-30190) in ZIP files by analyzing embedded URLs and checking for the 'ms-msdt' string in HTTP responses. It supports recursive directory scanning and verbose output.
This repository provides a detailed writeup and step-by-step guide for exploiting CVE-2022-30190 (Follina), a remote code execution vulnerability in Microsoft Support Diagnostic Tool (MSDT). It includes instructions for crafting a malicious Word document and setting up a C2 server using a referenced Python script.
This repository contains a functional PoC for CVE-2022-30190 (Follina), a Microsoft Office RCE vulnerability. It includes tools to generate malicious RTF documents, extract payloads from infected files, and serve payloads via a simple HTTP server.
The repository contains only a README.md with a vague, non-technical statement and no exploit code or details. No actionable PoC or technical information is provided.
This repository contains a functional proof-of-concept exploit for CVE-2022-30190 (Follina), a Microsoft Office remote code execution vulnerability. The exploit generates a malicious Word document that leverages the MSDT URL protocol to execute arbitrary commands via PowerShell.
This repository contains PowerShell scripts to mitigate CVE-2022-30190 (Follina) by removing the 'HKEY_CLASSES_ROOT\ms-msdt' registry key and restoring it if needed. The scripts are designed for local or InTune deployment.
This repository provides two Python-compiled executables to temporarily mitigate CVE-2022-30190 (Follina) by modifying registry keys to disable the vulnerable MSDT troubleshooting feature. It includes a fix and a revert script.
This repository contains two Python scripts designed to temporarily mitigate CVE-2022-30190 (Follina) by modifying Windows registry keys to disable the MSDT troubleshooter and restore it later. The scripts automate the backup, deletion, and restoration of registry keys.
This is a functional PoC for CVE-2022-30190 (Follina), a Microsoft Office RCE vulnerability. It generates a malicious Word document that exploits the MS-MSDT protocol to execute arbitrary commands, optionally including a reverse shell.
This PoC exploits CVE-2022-30190 (Follina) by generating malicious Word/RTF documents that trigger remote code execution via the MSDT URL protocol handler. It supports both direct command execution and reverse shell payloads.
This repository contains a Sigma rule for detecting suspicious msdt.exe execution patterns associated with CVE-2022-30190 (Follina). The rule monitors process creation logs for specific command-line arguments indicative of exploitation attempts.
This repository contains a detailed writeup and guidance for CVE-2022-30190, a Microsoft Support Diagnostic Tool (MSDT) vulnerability. It includes mitigation steps, detection methods, and FAQs but does not contain exploit code.
This is a scanner tool designed to detect malicious content in office documents by analyzing file contents for suspicious patterns and keywords. It does not exploit CVE-2022-30190 but instead scans for indicators of compromise.
This repository contains a README file describing CVE-2022-30190, also known as the 'Follina' vulnerability, which is a remote code execution (RCE) flaw in Microsoft Office. The README does not include exploit code or technical details beyond naming the vulnerability.
This repository contains a writeup analyzing CVE-2022-30190, a zero-day vulnerability in Microsoft Office. It provides background information and context about the vulnerability but does not include exploit code or technical details for reproduction.
This repository provides a PowerShell script to mitigate CVE-2022-30190 by disabling the Microsoft Support Diagnostic Tool (MSDT) via registry modification. The script sets the 'EnableDiagnostics' DWORD value to '0' to prevent exploitation of the vulnerability.
This repository provides a PDQ package for detecting the presence of the MS-MSDT vulnerability (CVE-2022-30190) by checking for specific registry keys. It includes instructions for deployment but does not contain exploit code.
This repository provides a writeup and references for CVE-2022-30190 (Follina), a vulnerability in Microsoft Support Diagnostic Tool (MSDT) that allows remote code execution via malicious Word documents. It includes usage examples and links to PoC tools but does not contain exploit code itself.
This PoC exploits CVE-2022-30190 (Microsoft Office RCE via malicious Word document) by generating a weaponized .docx file that references a remote HTML payload. The script automates the creation of the exploit document and hosts the payload via a simple HTTP server.
This PowerShell script mitigates CVE-2022-30190 (Follina) by removing the vulnerable 'ms-msdt' registry key. It backs up the key before deletion to allow for potential restoration.
This is a functional PoC exploit for CVE-2022-30190 (Follina), which leverages a malicious Office document to execute arbitrary commands via the MSDT URL protocol handler. The script generates a weaponized document and hosts a payload server to trigger the vulnerability.
The repository contains only a README.md file with minimal content, lacking any functional exploit code or technical details for CVE-2022-30190. It appears to be a placeholder or incomplete submission.
This repository appears to be a placeholder or incomplete writeup for CVE-2022-30190 (Follina), a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability. The README.md file contains no substantive content or exploit code.
This PoC exploits CVE-2022-30190 (Follina) by generating a malicious .docx file that uses a frameset attack to execute arbitrary commands via the Microsoft Support Diagnostic Tool (MSDT). The script creates an evil.html file and a weaponized .docx file that references it.
This Metasploit module generates a malicious Microsoft Word document that exploits CVE-2022-30190 (Follina) by leveraging the remote template feature to fetch an HTML document and execute PowerShell code via the ms-msdt scheme.
This repository contains a functional Python script that generates a malicious HTML payload exploiting CVE-2022-30190 (Follina). The payload leverages the MS-MSDT URI scheme to execute arbitrary commands via PowerShell, bypassing security mechanisms in Microsoft Office.
This repository contains a functional Python-based exploit for CVE-2022-30190 (Follina), which leverages the MSDT vulnerability to execute arbitrary commands or establish a reverse shell via malicious Office documents. The tool generates weaponized .doc, .docx, or .rtf files with embedded MSProtocol URI schemes to trigger remote code execution.
References (4)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H