Share
## https://sploitus.com/exploit?id=B2474BAA-4133-5059-8F0B-5BAAE9664466
# CVE-2022-30190-follina
Just another PoC for the new MSDT-Exploit


To edit the Doc, just open with 7z, xarchiver, ... to change the value in word\rels\document.xml.rels to your IP.

The exploit must contain at least 3541 characters <b>before</b> the window.location.href, and they must be within the script tag. Now there are about 9000, just to be sure.


More about the exploit:

https://www.borncity.com/blog/2022/06/01/follina-schwachstelle-cve-2022-30190-warnungen-erste-angriffe-der-status/ (german)
<br>
https://packetstormsecurity.com/files/167317/msdt-poc.txt

Mitigation and workaround:

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/


Windows Defender already knows that this is a security flaw, so you have to edit the file, in case you get busted.

REMEMBER: ONLY FOR EDUCATIONAL PURPOSES!!! ;)

## To-Do:

- Obfuscation
- Invoke PS Script