CVE-2022-44666

HIGH

Windows Contacts - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-44666. PoCs published by j00sean.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-44666, which involves an HTML injection vulnerability in Microsoft Windows Contacts. The exploit leverages crafted .contact or VCF files and LDAP protocol handlers to achieve arbitrary command execution.

Description

Windows Contacts Remote Code Execution Vulnerability

Exploits (1)

nomisec WORKING POC 155 stars
by j00sean · poc
https://github.com/j00sean/CVE-2022-44666

This repository contains a proof-of-concept exploit for CVE-2022-44666, which involves an HTML injection vulnerability in Microsoft Windows Contacts. The exploit leverages crafted .contact or VCF files and LDAP protocol handlers to achieve arbitrary command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows Contacts (wab.exe), Windows 10/11
No auth needed
Prerequisites: Victim must open a malicious .contact or VCF file or click an LDAP URI · LDAP server controlled by attacker for URI-based exploitation
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.4043
EPSS Percentile 98.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (19)
microsoft/windows_10
microsoft/windows_10 20h2
microsoft/windows_10 21h1
microsoft/windows_10 21h2
microsoft/windows_10 22h2
microsoft/windows_10 1607
microsoft/windows_10 1809
microsoft/windows_11
microsoft/windows_11 22h2
microsoft/windows_7
... and 9 more
Published Dec 13, 2022
Tracked Since Feb 18, 2026