## https://sploitus.com/exploit?id=B2474BAA-4133-5059-8F0B-5BAAE9664466
# CVE-2022-30190-follina
Just another PoC for the new MSDT-Exploit
To edit the Doc, just open with 7z, xarchiver, ... to change the value in word\rels\document.xml.rels to your IP.
The exploit must contain at least 3541 characters <b>before</b> the window.location.href, and they must be within the script tag. Now there are about 9000, just to be sure.
More about the exploit:
https://www.borncity.com/blog/2022/06/01/follina-schwachstelle-cve-2022-30190-warnungen-erste-angriffe-der-status/ (german)
<br>
https://packetstormsecurity.com/files/167317/msdt-poc.txt
Mitigation and workaround:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows Defender already knows that this is a security flaw (Trojan:Win32/Mesdetty.D), so you have to edit the file, in case you get busted.
REMEMBER: ONLY FOR EDUCATIONAL PURPOSES!!! ;)
## To-Do:
- Obfuscation
- Invoke PS Script