CVE-2022-30190 Follina POC
Host exploit.html on localhost, port 80. Open the docx to pop calc.
To change the remote address the doc points to, open in 7Z and edit word\rels\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark. It will literally not run if you omit this from the end of the URL.
The exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. There is about 6000 or so included in the exploit.html