Lucene search
296ECE66-CC92-53E6-9959-06669247F867HistoryNov 28, 2023 - 3:47 a.m.
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
2023-11-2803:47:32
270
externally controlled reference
microsoft word
cve-2022-30190
163 email backdoor
image steganography
automated attack chain
github repository
python
pycrypto module
wmi module
enum34 module
netifaces module
social engineering
remote control commands
anti-virus
privilege escalation
task manager
smtp server
imap server
screenshots
pop-up windows
shutting down
learning and exchange.
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.963
Percentile
99.6%
AmzWord
an automated attack chain based on CVE-2022-30190, …
This is an article that belongs to githubexploit private collection.
Please sign in to get more Information.
Related
hivepro
hivepro
Follina: A zero-day vulnerability in Microsoft Office
2022-06-15 10:13:53
Actors, Threats and Vulnerabilities 22 to 28 May 2023
2023-05-30 07:42:00
Woody RAT leverages Follina to target Russia
2022-08-05 18:22:17
githubexploit
githubexploit
thn
thn
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
2022-07-09 08:49:00
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
2023-05-12 21:00:00
Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
2023-06-09 13:37:00
malwarebytes
malwarebytes
Woody RAT: A new feature-rich malware spotted in the wild
2022-08-03 21:25:52
FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day
2022-06-01 16:36:44
Woody RAT: A new feature-rich malware spotted in the wild
2022-08-03 21:00:00
msrc
msrc
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
2022-05-30 07:00:00
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
2022-05-30 07:00:00
CVE-2022-30190 マイクロソフト サポート診断ツールの脆弱性に関するガイダンス
2022-05-30 07:00:00
prion
prion
Remote code execution
2022-06-01 20:15:00
cvelist
cvelist
qualysblog
qualysblog
Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR
2022-06-14 20:52:25
Launching Qualys Cloud Threat Database
2023-02-08 13:50:00
In-Depth Look Into Data-Driven Science Behind Qualys TruRisk
2022-10-10 14:32:29
schneier
schneier
Clever — and Exploitable — Windows Zero-Day
2022-06-01 18:25:36
metasploit
metasploit
Microsoft Office Word MSDTJS
2022-05-30 17:23:18
packetstorm
packetstorm
Microsoft Office Word MSDTJS Code Execution
2022-06-07 00:00:00
Microsoft Office MSDT Follina Proof Of Concept
2022-05-31 00:00:00
cisa_kev
cisa_kev
nvd
nvd
CVE-2022-30190
2022-06-01 20:15:07
rapid7blog
rapid7blog
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
2022-05-31 15:15:16
Metasploit Weekly Wrap-Up
2022-06-10 18:07:05
Metasploit Weekly Wrap-Up
2022-09-02 19:39:21
trellix
trellix
Beyond File Search: A Novel Method
2023-07-26 00:00:00
Beyond File Search: A Novel Method
2023-07-26 00:00:00
openvas
openvas
Microsoft Windows Support Diagnostic Tool (MSDT) RCE Vulnerability (Follina)
2022-06-01 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5014748)
2022-06-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5014710)
2022-06-15 00:00:00
nessus
nessus
The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
2022-05-31 00:00:00
KB5014743: Windows Server 2008 Security Update (June 2022)
2022-06-14 00:00:00
KB5014742: Windows 7 and Windows Server 2008 R2 Security Update (June 2022)
2022-06-14 00:00:00
threatpost
threatpost
Follina Exploited by State-Sponsored Hackers
2022-06-07 12:45:00
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
2022-06-23 12:21:33
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
2022-06-01 10:38:37
cve
cve
CVE-2022-30190
2022-06-01 20:15:07
mscve
mscve
cisa
cisa
Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability
2022-05-31 00:00:00
talosblog
talosblog
hackerone
hackerone
Reddit: Unrestricted File Upload on reddit.secure.force.com
2022-06-20 09:10:53
checkpoint_advisories
checkpoint_advisories
Microsoft Support Diagnostic Tool Remote Code Execution (CVE-2022-30190)
2022-06-01 00:00:00
kaspersky
kaspersky
KLA12550 RCE vulnerability in Microsoft Products (ESU)
2022-05-30 00:00:00
KLA12549 RCE vulnerability in Microsoft Windows
2022-05-30 00:00:00
zdt
zdt
Microsoft Office Word MSDTJS Code Execution Exploit
2022-06-07 00:00:00
attackerkb
attackerkb
CVE-2022-30190
2022-06-01 00:00:00
pentestpartners
pentestpartners
Follina 0day exploit. Malicious code execution in Office docs
2022-06-01 05:38:30
krebs
krebs
Microsoft Patch Tuesday, June 2022 Edition
2022-06-15 04:52:30
securelist
securelist
IT threat evolution Q2 2022
2022-08-15 12:00:34
Exploits and vulnerabilities in Q2 2024
2024-08-21 10:00:10
avleonov
avleonov
googleprojectzero
googleprojectzero
2022 0-day In-the-Wild Exploitation…so far
2022-06-30 00:00:00
mskb
mskb
June 14, 2022—KB5014742 (Security-only update)
2022-06-14 07:00:00
June 14, 2022—KB5014748 (Monthly Rollup)
2022-06-14 07:00:00
June 14, 2022—KB5014710 (OS Build 10240.19325) - EXPIRED
2022-06-14 07:00:00
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.963
Percentile
99.6%
Related for 296ECE66-CC92-53E6-9959-06669247F867