CVE-2022-30190CISA KEV: Actively Exploited

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Published Jun 14, 2022·Updated Jun 14, 2022

Description

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Public Exploits & PoCs88 found

PoC: PoC-CVE-2022-30190

POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina

134

PoC: CVE-2022-30190

CVE-2022-30190 Follina POC

8

PoC: CVE-2022-30190

Proof-of-concept exploit for CVE-2022-30190 (Follina)

6

PoC: FollinaExtractor

Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files

5

PoC: Follina-MSDT-Vulnerability-CVE-2022-30190-

Detection and Remediation of the Follina MSDT Vulnerability (CVE-2022-30190)

3

PoC: CVE-2022-30190-follina-Office-MSDT-Fixed

CVE-2022-30190-follina.py-修改版,可以自定义word模板,方便实战中钓鱼使用。

3

PoC: gollina

Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go

3

PoC: CVE-2022-30190

CVE-2022-30190

2

PoC: FOLLINA-CVE-2022-30190

Implementation of FOLLINA-CVE-2022-30190

1

PoC: go_follina

Follina (CVE-2022-30190) proof-of-concept

1

PoC: CVE-2022-30190

Microsoft Support Diagnostic Tool (CVE-2022-30190)

1

PoC: CVE-2022-30190---Follina---Poc-Exploit

Simple Follina poc exploit

1

PoC: FollinaScanner

A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)

1

PoC: msdt-disable

MSDT protocol disabler (CVE-2022-30190 patch tool)

1

PoC: CVE-2022-30190-NSIS

An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft

1

PoC: THM-Tempest

TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts

PoC: CVE-2022-30190-Follina-Lab

Full exploit chain lab and Suricata IDS detection for CVE-2022-30190 (Follina) - MSDT RCE

PoC: CVE-2022-30190-Follina-

CVE-2022-30190 — "Follina" — MSDT remote code execution via Word docs, no macro needed, Defender initially missed it

PoC: CVE-2022-30190

Educational Proof-of-Concept for the CVE-2022-30190 (Follina) vulnerability.

PoC: Static-Malware-Analysis-Follina-CVE-2022-30190

Static Malware Analysis of Follina (CVE-2022-30190) from Blue Team Labs Online

PoC: CVE-2022-30190-Follina

Exploited the Microsoft Support Diagnostic Tool - Follina (CVE-2022-30190)

PoC: LetsDefend-SOC173-Follina-0-Day-Detected

We are presented with a security alert indicating the detection of the Follina (CVE-2022-30190) vulnerability. A malicious Word document triggered msdt.exe execution, suggesting possible remote code execution on the host JonasPRD. Our task is to investigate the alert, confirm exploitation, assess impact, and recommend remediation.

PoC: Follina-Vulnerability-CVE-2022-30190-Exploit-Analysis

Exploration of the Follina (CVE-2022-30190) Microsoft Office vulnerability, including a detailed analysis, proof-of-concept exploitation in a controlled lab, and mitigation strategies. For educational and research purposes only.

PoC: Folina-Vulnerability-Exploitation-Detection-and-Mitigation

Project Repository for Exploitation, Detection and Mitigation of Folina Vulnerability (CVE-2022-30190)

PoC: ICT287_CVE-2022-30190_Exploit

Project on CVE-2022-30190 exploitation and mitigation strategies

PoC: CVE-2022-30190_page

PoC of CVE-2022-30190

PoC: CVE-2022-30190

CVE-2022-30190 Proof-Of-Concept

PoC: Follina-CVE-2022-30190-Sample

Educational exploit for CVE-2022-30190

PoC: CVE-2022-30190-POC

For learning purpose did a complete analysis on CVE-2022-30190 "Follina" POC

PoC: CVE-2022-30190

The script is from https://github.com/JohnHammond/msdt-follina, just make it simple for me to use it and this script aim at generating the payload for more information refer the johnn hammond link

PoC: ZipScan

A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)

PoC: AmzWord

An automated attack chain based on CVE-2022-30190, 163 email backdoor, and image steganography.

PoC: CVE-2022-30190

Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered. It’s a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks.

PoC: CVE-2022-30190

An exploitation of CVE-2022-30190 (Follina)

PoC: Follina_Vagrant

Follina(CVE-2022-30190) Vagrant Demo

PoC: Enterprise-Cybersecurity

CVE-2022-30190(follina)

PoC: Follina-CVE-2022-30190-Sample

Educational Follina PoC Tool

PoC: FollinaXploit

A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190.

PoC: CVE-Smackdown

Implementation of CVE-2022-30190 in C

PoC: Follina-attack-CVE-2022-30190-

this is a demo attack of FOLLINA exploit , a vulnerability that has been discovered in May 2022 and stood unpatched until June 2022

PoC: CVE-2022-30190

Proof of concept for CVE-2022-30190 (Follina).

PoC: Follina-CVE-2022-30190-PoC-sample

Educational Follina PoC Tool

PoC: five-nights-at-follina-s

A Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense.

PoC: CVE-2022-30190-Follina-PowerPoint-Version

CVE-2022-30190 powerpoint version

PoC: Follina-CVE-2022-30190-PoC-sample

Educational Follina PoC Tool

PoC: CVE-2022-30190-MASS-RCE

MSDT 0-Day Mass Exploitation Tool

PoC: follina-CVE-2022-30190

follina zero day vulnerability to help Microsoft to mitigate the attack

PoC: CVE-2022-30190

Python file scanner created in 2021 scanning for known and potential vulns

PoC: PicusSecurity4.Week.Repo

CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina

PoC: Follina-CVE-2022-30190-Unofficial-patch

An Unofficial Patch Follina CVE-2022-30190 (patch) by micrisoft Guidelines. for more details goto : https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

PoC: CVE-2022-30190_Temporary_Fix_Source_Code

These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)

PoC: CVE-2022-30190_Temporary_Fix

These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)

PoC: CVE-2022-30190-Analysis-With-LetsDefends-Lab

this is my simple article about CVE 2022-30190 (Follina) analysis. I use the lab from Letsdefend.

PoC: follina_cve_2022-30190

proof of concept to CVE-2022-30190 (follina)

PoC: PicusSecurity4.Week.Repo

CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina

PoC: CVE-2022-30190

Mitigation for CVE-2022-30190

PoC: Clickstudio-compromised-certificate

Repository containing the compromised certificate seen in recent CVE-2022-30190 (Follina) attacks.

PoC: Follina_Exploiter_CLI

Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)

PoC: Deathnote

Proof of Concept of CVE-2022-30190

PoC: follina-spring

Server to host/activate Follina payloads & generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190)

PoC: Follina

Notes related to CVE-2022-30190

PoC: FollinaPatcherCLI

Désactivation du protocole MSDT URL (CVE-2022-30190) avec gestion des erreurs et de l'exit code pour un déploiement en masse

PoC: msdt-follina

Microsoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 Attack Vector

PoC: CVE-2022-30190

Follina POC by John Hammond

PoC: cve-2022-30190-mitigate

Powershell script to mitigate cve-2022-30190

PoC: cve-2022-30190-mitigate

Microsoft's recommended mitigation for CVE-2022-30190 using Powershell

PoC: CVE-2022-30190

This is to patch CVE-2022-30190. Use at your own risk.

PoC: follina

All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word. This is a very simple POC, feel free to check the sources below for more threat intelligence.

PoC: CVE-2022-30190-mass-rce

CVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities

PoC: MS-MSDT-Office-RCE-Follina

CVE-2022-30190 | MS-MSDT Follina One Click

PoC: ms-msdt-vulnerability-pdq-package

PDQ Package I created for CVE-2022-30190

PoC: CVE-2022-30190-Follina-Patch

The CVE-2022-30190-follina Workarounds Patch

PoC: mitigate-folina

Mitigates the "Folina"-ZeroDay (CVE-2022-30190)

PoC: CVE-2022-30190

MS-MSDT Follina CVE-2022-30190 PoC document generator

PoC: 2022_PoC-MSDT-Follina-CVE-2022-30190

Proof of Concept zu MSDT-Follina - CVE-2022-30190. ÜBERPRÜFUNG DER WIRKSAMKEIT VON MICROSOFT DEFNEDER IN DER JEWEILS AKTUELLSTEN WINDOWS 10 VERSION.

PoC: CVE-2022-30190

CVE-2022-30190 or "Follina" 0day proof of concept

PoC: Follina-Remediation

Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina)

PoC: CVE-2022-30190-follina

Just another PoC for the new MSDT-Exploit

PoC: CVE-2022-30190-mass

CVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities

PoC: CVE-2022-30190

MSDT 0-Day Mass Exploitation Tool

PoC: cve-2022-30190

CVE-2022-30190 remediation via removal of ms-msdt from Windows registry

PoC: CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

PoC: msdt-follina-office

CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT

PoC: CVE-2022-30190-ASR-Senintel-Process-Pickup

Picking up processes that have triggered ASR related to CVE-2022-30190

PoC: cve-2022-30190

Aka Follina = benign POC.

PoC: MSDT_CVE-2022-30190

This Repository Talks about the Follina MSDT from Defender Perspective

PoC: CVE-2022-30190

Microsoft Office Word Rce 复现(CVE-2022-30190)

PoC: msdt-follina-office-rce

CVE-2022-30190

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free