# follina (POC)
All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word. This is a very simple POC, feel free to check the sources below for more threat intelligence.

# Usage
usage: [-h] [--command COMMAND] [--ip IP] [--port PORT] [--output OUTPUT] [--reverse REVERSE]

POC for CVE-2022-30190, aka follina

  -h, --help            show this help message and exit
  --command COMMAND, -c COMMAND
                        The command to run on the victim (defaults to calc.exe)
  --ip IP, -i IP        IP to serve the payload on (defaults to
  --port PORT, -p PORT  Port to serve the payload on (defaults to 4444)
  --output OUTPUT, -o OUTPUT
                        Filename for output, should end with extension .doc, .docx or maybe .rtf (defaults to maldoc.docx)
  --reverse REVERSE, -r REVERSE
                        Instantiate a reverse shell connection from the target at port furnished. 64-bits systems only.

# Workaround
Disabling MSDT from the registry should fix this issue
reg delete HKEY_CLASSES_ROOT\ms-msdt /f

# Sources