Microsoft Office Follina Vulnerability CVE-2022-30190






  02-Jun-2022 21:34:57



Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2022-30190 

Exploit : https://github.com/chvancooten/follina.py 

'Follina' MS-MSDT n-day Microsoft Office RCE

Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes. Running the script will generate a clickme.docx (or clickme.rtf) payload file in your current working directory, and start a web server with the payload file (www/exploit.html). The payload and web server parameters are configurable (see help and examples).

 DO NOT USE IN PRODUCTION LEST YOU BE REGARDED A DUMMY


Usage:

$ python .\follina.py -h
usage: follina.py [-h] -m {command,binary} [-b BINARY] [-c COMMAND] -t {rtf,docx} [-u URL] [-H HOST] [-P PORT]

options:
  -h, --help            show this help message and exit

Required Arguments:
  -m {command,binary}, --mode {command,binary}
                        Execution mode, can be "binary" to load a (remote) binary, or "command" to run an encoded PS command

Binary Execution Arguments:
  -b BINARY, --binary BINARY
                        The full path of the binary to run. Can be local or remote from an SMB share

Command Execution Arguments:
  -c COMMAND, --command COMMAND
                        The encoded command to execute in "command" mode

Optional Arguments:
  -t {rtf,docx}, --type {rtf,docx}
                        The type of payload to use, can be "docx" or "rtf"
  -u URL, --url URL     The hostname or IP address where the generated document should retrieve your payload, defaults to "localhost". Disables web server if custom URL scheme or path are specified
  -H HOST, --host HOST  The interface for the web server to listen on, defaults to all interfaces (0.0.0.0)
  -P PORT, --port PORT  The port to run the HTTP server on, defaults to 80

Related topic : 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 

https://otx.alienvault.com/browse/global/pulses?q=follina&include_inactive=0&sort=-modified&page=1&indicatorsSearch=follina 

https://otx.alienvault.com/pulse/629898a10462dc371ec628d4 

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/ 

Mitigate : 

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/faq-mitigating-microsoft-offices-follina-zero-day/ 
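A defender-side check for documents like the generated clickme.docx, added here as an example (it is not part of follina.py or of the original post): it lists the non-hyperlink relationships inside a .docx whose target is loaded from a remote location, which is the mechanism a Word document uses to reference content hosted elsewhere. The function names and the example.invalid host are assumptions, and the sample input is constructed.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
REL_TYPES = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REMOTE = re.compile(r"^(?:https?:|file:|\\\\)", re.IGNORECASE)
MAX_PART = 1_000_000  # skip oversized parts instead of parsing them


def external_relationships(docx_bytes):
    """Return (part, rel_type, target) for every remote, non-hyperlink relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_PART:
                continue
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(REL_NS + "Relationship"):
                target = rel.get("Target", "")
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                if (rel.get("TargetMode") == "External"
                        and rel_type != "hyperlink"  # ordinary links are expected
                        and REMOTE.match(target)):
                    findings.append((info.filename, rel_type, target))
    return findings


def build_sample(target, rel_type="oleObject", mode="External"):
    """Constructed input: a ZIP holding only a relationships part, not a usable document."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{REL_TYPES}{rel_type}" '
        f'Target="{target}" TargetMode="{mode}"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # example.invalid is a placeholder host, not a value from the post
    for hit in external_relationships(build_sample("http://example.invalid/exploit.html")):
        print("remote relationship:", hit)
```

RTF files are not ZIP containers, so this check covers only the docx payload type.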
