| Name | office_follina_msdt_exec |
| CVE | CVE-2022-30190 |
| Exploit Pack | CANVAS |
| Description | office_follina_msdt_exec |
| Notes | CVE Name: CVE-2022-30190 NOTES: MSDT allows remote code execution using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. Tested against: - Windows 10 Pro 10.0.19044 N/A Build 19044 - Office 2205 (Build 15225.20204) At the time of development all Windows versions seem to be affected, including up to the latest Office release - Office 2205 (Build 15225.20204) CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2022-30190 CVSS: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Date public: 06/01/2022 |
| Learn more about the CANVAS Exploit Pack here: CANVAS |