Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2022-30190

Description

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

POC

Reference

- http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html

Github

- https://github.com/0kraven/MalDevJournal

- https://github.com/0x06K/MalDevJournal

- https://github.com/0x7a6b4c/msdt-follina-office-rce

- https://github.com/0x7n6/OSCP

- https://github.com/0xAbbarhSF/FollinaXploit

- https://github.com/0xStarFord/FollinaXploit

- https://github.com/0xStrygwyr/OSCP-Guide

- https://github.com/0xZipp0/OSCP

- https://github.com/0xflagplz/MS-MSDT-Office-RCE-Follina

- https://github.com/0xsyr0/OSCP

- https://github.com/20142995/sectool

- https://github.com/2867a0/CVE-2022-30190

- https://github.com/3barz/Follina_Vagrant

- https://github.com/7xm7/soc-incident-report-tempest

- https://github.com/ARPITJ0SHI/Follina-Mitigation-tool

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Abdibimantara/CVE-2022-30190-Analysis-With-LetsDefends-Lab

- https://github.com/AbdulRKB/Follina

- https://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina

- https://github.com/Adkali/POC-msdt-follina

- https://github.com/Astrogeorgeonethree/Starred2

- https://github.com/AustinStitz-Hacking/csaw23qual

- https://github.com/Bharathkasyap/programmatic-vulnerability-remediations-Bharath

- https://github.com/Bharathkasyap/sentinel-detection-rules-Bharath

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Captain404/Follina-CVE-2022-30190-PoC-sample

- https://github.com/Cerebrovinny/follina-CVE-2022-30190

- https://github.com/ChristosSmiliotopoulos/Lateral-Movement-Dataset--LMD_Collections

- https://github.com/Cosmo121/Follina-Remediation

- https://github.com/CyberTitus/Follina

- https://github.com/DOV3Y/CVE-2022-30190-ASR-Senintel-Process-Pickup

- https://github.com/DerZiad/CVE-2022-30190

- https://github.com/DerZiad/DerZiad

- https://github.com/EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190-

- https://github.com/ErrorNoInternet/FollinaScanner

- https://github.com/G-Zion/ProductionFollinaWorkaround

- https://github.com/G4vr0ch3/PyRATE

- https://github.com/Getshell/Phishing

- https://github.com/GhostTroops/TOP

- https://github.com/GibzB/THM-Captured-Rooms

- https://github.com/Gladotta/Gladotta

- https://github.com/Gra3s/CVE-2022-30190-Follina-PowerPoint-Version

- https://github.com/Gra3s/CVE-2022-30190_EXP_PowerPoint

- https://github.com/Gra3s/CVE-2022-30190_PowerPoint

- https://github.com/Hrishikesh7665/Follina_Exploiter_CLI

- https://github.com/ITMarcin2211/CVE-2022-30190

- https://github.com/IamVSM/msdt-follina

- https://github.com/Imeneallouche/Follina-attack-CVE-2022-30190-

- https://github.com/ImproveCybersecurityJaro/2022_PoC-MSDT-Follina-CVE-2022-30190

- https://github.com/ItsNee/Follina-CVE-2022-30190-POC

- https://github.com/JERRY123S/all-poc

- https://github.com/JMousqueton/PoC-CVE-2022-30190

- https://github.com/Java-Printemps/.github

- https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix

- https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix_Source_Code

- https://github.com/Jump-Wang-111/AmzWord

- https://github.com/KJOONHWAN/CVE-Exploit-Demonstration

- https://github.com/KKarani1/DisableMS-MSDT

- https://github.com/LaurensLecocq04/FollinaTest

- https://github.com/LissanKoirala/LissanKoirala

- https://github.com/Lucaskrell/go_follina

- https://github.com/Ly0nt4r/OSCP

- https://github.com/MalwareTech/FollinaExtractor

- https://github.com/Malwareman007/Deathnote

- https://github.com/Mh4tter/ProductionFollinaWorkaround

- https://github.com/MojithaR/CVE-Vulnerability-Research

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/Muhammad-Ali007/Follina_MSDT_CVE-2022-30190

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/No-Spear/static-engine

- https://github.com/Nodeblue/Follina

- https://github.com/Noxtal/follina

- https://github.com/Nyx2022/Follina-CVE-2022-30190-Sample

- https://github.com/Osiris9211/Task-3-Vulnerability-Scan-Report

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PaddlingCode/cve-2022-30190

- https://github.com/Perucy/vulngpt

- https://github.com/PetitPrinc3/PyRATE

- https://github.com/Potato-9257/CVE-2022-30190_page

- https://github.com/RathoreAbhiii/Folina-Vulnerability-Exploitation-Detection-and-Mitigation

- https://github.com/Raulisr00t/WindowsDiagnostics

- https://github.com/Riki744/MS-MSDT_Office_RCE_Follina

- https://github.com/RinkuDas7857/Vuln

- https://github.com/Rojacur/FollinaPatcherCLI

- https://github.com/SYRTI/POC_to_review

- https://github.com/SilentExploitx/SilentExploit

- https://github.com/SirElmard/ethical_hacking

- https://github.com/SkerdH/Cyber-Kill_chain

- https://github.com/SonicWave21/Follina-CVE-2022-30190-Unofficial-patch

- https://github.com/Sparrow-Co-Ltd/real_cve_examples

- https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix

- https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code

- https://github.com/SrikeshMaharaj/CVE-2022-30190

- https://github.com/SystemJargon/info-sec

- https://github.com/SystemJargon/infosec-windows-2022

- https://github.com/TBHIDK24/MalDevJournal

- https://github.com/TBHIDK57/MalDevJournal

- https://github.com/Tarunkal/SOC-Incident-Investigation-Report-SIIR-

- https://github.com/ToxicEnvelope/FOLLINA-CVE-2022-30190

- https://github.com/VERA-Model/remediation-scripts

- https://github.com/Vaisakhkm2625/MSDT-0-Day-CVE-2022-30190-Poc

- https://github.com/VirtualSamuraii/FollinaReg

- https://github.com/WesyHub/CVE-2022-30190---Follina---Poc-Exploit

- https://github.com/WhooAmii/POC_to_review

- https://github.com/WilsonFung414/CVE-2022-30190

- https://github.com/Xandevistan/CVE-Exploit-Demonstration

- https://github.com/XxToxicScriptxX/CVE-2022-30190

- https://github.com/YannikG/tsbe-cybersec-follina

- https://github.com/Zeyad-Azima/Remedy4me

- https://github.com/Zitchev/go_follina

- https://github.com/abhirules27/Follina

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/akyuksel/tryhackme-all-rooms-database

- https://github.com/alien-keric/CVE-2022-30190

- https://github.com/amartinsec/MS-URI-Handlers

- https://github.com/aminetitrofine/CVE-2022-30190

- https://github.com/amitniz/exploits

- https://github.com/amitniz/follina_cve_2022-30190

- https://github.com/anquanscan/sec-tools

- https://github.com/ar2o3/FollinaXploit

- https://github.com/archanchoudhury/MSDT_CVE-2022-30190

- https://github.com/arozx/CVE-2022-30190

- https://github.com/aymankhder/MSDT_CVE-2022-30190-follina-

- https://github.com/b401/Clickstudio-compromised-certificate

- https://github.com/bytecaps/CVE-2022-30190

- https://github.com/castlesmadeofsand/ms-msdt-vulnerability-pdq-package

- https://github.com/chacalbl4ck/meurepositorio

- https://github.com/chanda84/TryHackmeWriteUp__Tempest

- https://github.com/cm101995/Rapid7_InsightVM

- https://github.com/codeuk/MSDT-Exploit

- https://github.com/codeuk/msdt-exploit

- https://github.com/crac-learning/CVE-analysis-reports

- https://github.com/cryxnet/SekiganWare

- https://github.com/cybercy/cybercy

- https://github.com/cyberdashy/CVE-2022-30190

- https://github.com/derco0n/mitigate-folina

- https://github.com/devinSchminke/Follina-workaround-automation

- https://github.com/doocop/CVE-2022-30190

- https://github.com/drgreenthumb93/CVE-2022-30190-follina

- https://github.com/droidrzrlover/CVE-2022-30190

- https://github.com/dshabani96/CVE-2024-21413

- https://github.com/dsibilio/follina-spring

- https://github.com/dwisiswant0/gollina

- https://github.com/e-hakson/OSCP

- https://github.com/eMarce1/Windows-0-Day-Automated-fix

- https://github.com/eljosep/OSCP-Guide

- https://github.com/ernestak/CVE-2022-30190

- https://github.com/ernestak/Sigma-Rule-for-CVE-2022-30190

- https://github.com/ethan-devspace9ol/VulnPlanet

- https://github.com/ethicalblue/Follina-CVE-2022-30190-PoC-sample

- https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample

- https://github.com/eventsentry/scripts

- https://github.com/faa-subsystem/C2_Attack_Investigation

- https://github.com/flux10n/CVE-2022-30190

- https://github.com/gamingwithevets/msdt-disable

- https://github.com/getvictor/fleet-mcp

- https://github.com/giterlizzi/secdb-feeds

- https://github.com/gyaansastra/CVE-2022-30190

- https://github.com/hereticerik/follina-patch

- https://github.com/hilt86/cve-2022-30190-mitigate

- https://github.com/hktalent/TOP

- https://github.com/hscorpion/CVE-2022-30190

- https://github.com/hycheng15/CVE-2022-30190

- https://github.com/ir1descent1/analyze_word_rels_targets

- https://github.com/j-info/ctfsite

- https://github.com/j00sean/CVE-2022-44666

- https://github.com/jbmihoub/all-poc

- https://github.com/jeffreybxu/five-nights-at-follina-s

- https://github.com/joseoteroo/Unofficial-Follina-Mitigation

- https://github.com/joshuavanderpoll/CVE-2022-30190

- https://github.com/jotavare/42-resources

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/k508/CVE-2022-30190

- https://github.com/kdk2933/msdt-CVE-2022-30190

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/khulnasoft-lab/awesome-security

- https://github.com/khulnasoft-labs/awesome-security

- https://github.com/klezVirus/CVE-2021-40444

- https://github.com/kocdeniz/msdt-poc

- https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/manas3c/CVE-POC

- https://github.com/mattjmillner/CVE-Smackdown

- https://github.com/maxDcb/Reources

- https://github.com/mechanysm/MS-MSDT-Proactive-remediation

- https://github.com/melting0256/Enterprise-Cybersecurity

- https://github.com/meowhua15/CVE-2022-30190

- https://github.com/michealadams30/Cve-2022-30190

- https://github.com/mikeHack23/KB-Vulnerabilidad-FOLLINA

- https://github.com/mitespsoc/CVE-2022-30190-POC

- https://github.com/nanaao/PicusSecurity4.Week.Repo

- https://github.com/nitishbadole/oscp-note-3

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/notherealhazard/follina-CVE-2022-30190

- https://github.com/onecloudemoji/CVE-2022-30190

- https://github.com/oscpname/OSCP_cheat

- https://github.com/oyMarcel/Windows-0-Day-Automated-fix

- https://github.com/pedrojosawczuk/BetterWithReg

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/prap05/elevatelabs_task03

- https://github.com/rajaculaemas/Splunk-Cheat-Sheet-Top-20-Malware-and-Virus-2022

- https://github.com/ramyardaneshgar/THM-TacticalDetection

- https://github.com/ramyardaneshgar/TacticalDetection

- https://github.com/ransomsec/cvePuller

- https://github.com/rayorole/CVE-2022-30190

- https://github.com/reubensammut/dogwalk

- https://github.com/revanmalang/OSCP

- https://github.com/rickhenderson/cve-2022-30190

- https://github.com/ronak4044/Cybersecurity-Task3

- https://github.com/rouben/CVE-2022-30190-NSIS

- https://github.com/ruefulrobin/findrill2022

- https://github.com/safakTamsesCS/PicusSecurity4.Week.Repo

- https://github.com/seinab-ibrahim/Follina-Vulnerability-CVE-2022-30190-Exploit-Analysis

- https://github.com/sentinelblue/CVE-2022-30190

- https://github.com/sentrium-security/Follina-Workaround-CVE-2022-30190

- https://github.com/shri142/ZipScan

- https://github.com/skitkat/CVE-2022-30190-POC

- https://github.com/splunk-soar-connectors/googlethreatintelligence

- https://github.com/sudoaza/CVE-2022-30190

- https://github.com/suegdu/CVE-2022-30190-Follina-Patch

- https://github.com/suenerve/CVE-2022-30190-Follina-Patch

- https://github.com/swaiist/CVE-2022-30190-Fix

- https://github.com/swczk/BetterWithReg

- https://github.com/tej7gandhi/CVE-2022-30190-Zero-Click-Zero-Day-in-msdt

- https://github.com/terryb8s/MS-MSDT-Proactive-remediation

- https://github.com/thanhtranntkh/SMDT-fix

- https://github.com/tib36/PhishingBook

- https://github.com/tiepologian/Follina

- https://github.com/trhacknon/CVE-2022-30190

- https://github.com/trhacknon/Pocingit

- https://github.com/whoforget/CVE-POC

- https://github.com/willamygarcia/Vuln_Windows_7_11

- https://github.com/winstxnhdw/CVE-2022-30190

- https://github.com/xhref/OSCP

- https://github.com/xtawb/Shadowolf

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/yeep1115/ICT287_CVE-2022-30190_Exploit

- https://github.com/yevh/VulnPlanet

- https://github.com/youwizard/CVE-POC

- https://github.com/yrkuo/CVE-2022-30190

- https://github.com/zecool/cve

- https://github.com/zerokamix/SekiganWare

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zkl21hoang/msdt-follina-office-rce