A new Microsoft Office 0-day is being exploited in the wild at the moment under the name CVE-2022-30190. It uses Word's external link to load the HTML and then uses the ms-msdt (Microsoft Diagnostic Tool) scheme to execute PowerShell code. An RCE vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. The exploit is "zero-click", meaning all you have to do is open an infected .doc file.
XORing around with my SuperModerator shoes. A serpent with shoes lol.