Microsoft Office Follina Vulnerability CVE-2022-30190






  02-Jun-2022 21:34:57



Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2022-30190 

Exploit: https://github.com/chvancooten/follina.py

'Follina' MS-MSDT n-day Microsoft Office RCE

Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes. Running the script will generate a clickme.docx (or clickme.rtf) payload file in your current working directory, and start a web server with the payload file (www/exploit.html). The payload and web server parameters are configurable (see help and examples).

 DO NOT USE IN PRODUCTION LEST YOU BE REGARDED A DUMMY


Usage:

$ python .\follina.py -h
usage: follina.py [-h] -m {command,binary} [-b BINARY] [-c COMMAND] -t {rtf,docx} [-u URL] [-H HOST] [-P PORT]

options:
  -h, --help            show this help message and exit

Required Arguments:
  -m {command,binary}, --mode {command,binary}
                        Execution mode, can be "binary" to load a (remote) binary, or "command" to run an encoded PS command

Binary Execution Arguments:
  -b BINARY, --binary BINARY
                        The full path of the binary to run. Can be local or remote from an SMB share

Command Execution Arguments:
  -c COMMAND, --command COMMAND
                        The encoded command to execute in "command" mode

Optional Arguments:
  -t {rtf,docx}, --type {rtf,docx}
                        The type of payload to use, can be "docx" or "rtf"
  -u URL, --url URL     The hostname or IP address where the generated document should retrieve your payload, defaults to "localhost". Disables web server if custom URL scheme or path are specified
  -H HOST, --host HOST  The interface for the web server to listen on, defaults to all interfaces (0.0.0.0)
  -P PORT, --port PORT  The port to run the HTTP server on, defaults to 80

Related topics:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 

https://otx.alienvault.com/browse/global/pulses?q=follina&include_inactive=0&sort=-modified&page=1&indicatorsSearch=follina 

https://otx.alienvault.com/pulse/629898a10462dc371ec628d4 

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/ 

Mitigation:

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/faq-mitigating-microsoft-offices-follina-zero-day/ 
