# CVE-2022-30190

> Based on

## Environment Setup
> Use files in /env-setup
1. Virtual Machine: use VirtualBox and [Win10_21H2_English_x32.iso]( (Build 19044.1288)
2. Install Microsoft Word, run `setup.exe /configure configuration.xml` using cmd inside /env-setup/odt-2013
3. Install Python 3.8.10

## Exploitation
1. Turn off Virus and Threat Scanning in Window's settings
2. Make sure you have all the Python packages needed
    * Often need to install netifaces using `pip install netifaces`
3. Get your machine's IP address (`ipconfig`)
4. Run `py -i <ip-address>` (refer to the original repo for more details)
5. Open the malicious doc file. Then the msdt, sdiagnhost and a calcualtor should pop up

<img src=""  width=40%> <img src=""  width=40%> <img src=""  width=40%>