Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CVE-2022-30190 New MS office 0-day
New Microsoft office 0-day is being exploited in the wild at the moment under the name CVE-2022-30190. It uses Words external link to load the HTML and then uses the ms-msdt (Microsoft Diagnostic Tool) scheme to execute PowerShell code. A RCE vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. The exploit is a "zero-click" meaning all you have to do is to open a infected .doc file.
XORing around with my SuperModerator shoes. A serpent with shoes lol.

Messages In This Thread
CVE-2022-30190 New MS office 0-day - by xoredserpent - 06-04-2022, 10:31 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)