支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2022-30190 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Microsoft Windows Support Diagnostic Tool 操作系统命令注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Microsoft Windows Support Diagnostic Tool是美国微软(Microsoft)公司的收集信息以发送给 Microsoft 支持的工具。 Microsoft Windows Support Diagnostic Tool (MSDT)存在操作系统命令注入漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
MicrosoftWindows 10 Version 1809 10.0.17763.0 ~ 10.0.17763.3046 -
MicrosoftWindows 10 Version 1809 10.0.0 ~ 10.0.17763.3046 -
MicrosoftWindows Server 2019 10.0.17763.0 ~ 10.0.17763.3046 -
MicrosoftWindows Server 2019 (Server Core installation) 10.0.17763.0 ~ 10.0.17763.3046 -
MicrosoftWindows 10 Version 21H1 10.0.0 ~ 10.0.19043.1766 -
MicrosoftWindows Server 2022 10.0.20348.0 ~ 10.0.20348.770 -
MicrosoftWindows 10 Version 20H2 10.0.0 ~ 10.0.19042.1766 -
MicrosoftWindows Server version 20H2 10.0.0 ~ 10.0.19042.1766 -
MicrosoftWindows 11 version 21H2 10.0.0 ~ 10.0.22000.739 -
MicrosoftWindows 10 Version 21H2 10.0.19043.0 ~ 10.0.19044.1766 -
MicrosoftWindows 10 Version 1507 10.0.10240.0 ~ 10.0.10240.19325 -
MicrosoftWindows 10 Version 1607 10.0.14393.0 ~ 10.0.14393.5192 -
MicrosoftWindows Server 2016 10.0.14393.0 ~ 10.0.14393.5192 -
MicrosoftWindows Server 2016 (Server Core installation) 10.0.14393.0 ~ 10.0.14393.5192 -
MicrosoftWindows 7 6.1.0 ~ 6.1.7601.25984 -
MicrosoftWindows 7 Service Pack 1 6.1.0 ~ 6.1.7601.25984 -
MicrosoftWindows 8.1 6.3.0 ~ 6.3.9600.20402 -
MicrosoftWindows Server 2008 R2 Service Pack 1 6.1.7601.0 ~ 6.1.7601.25984 -
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation) 6.1.7601.0 ~ 6.1.7601.25984 -
MicrosoftWindows Server 2012 6.2.9200.0 ~ 6.2.9200.23736 -
MicrosoftWindows Server 2012 (Server Core installation) 6.2.9200.0 ~ 6.2.9200.23736 -
MicrosoftWindows Server 2012 R2 6.3.9600.0 ~ 6.3.9600.20402 -
MicrosoftWindows Server 2012 R2 (Server Core installation) 6.3.9600.0 ~ 6.3.9600.20402 -
二、漏洞 CVE-2022-30190 的公开POC
#POC 描述源链接神龙链接
1CVE-2022-30190 (Exploit Microsoft)https://github.com/flux10n/CVE-2022-30190POC详情
2POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follinahttps://github.com/JMousqueton/PoC-CVE-2022-30190POC详情
3CVE-2022-30190https://github.com/zkl21hoang/msdt-follina-office-rcePOC详情
4CVE-2022-30190 Follina POChttps://github.com/onecloudemoji/CVE-2022-30190POC详情
5Nonehttps://github.com/2867a0/CVE-2022-30190POC详情
6Microsoft Office Word Rce 复现(CVE-2022-30190)https://github.com/doocop/CVE-2022-30190POC详情
7This Repository Talks about the Follina MSDT from Defender Perspectivehttps://github.com/archanchoudhury/MSDT_CVE-2022-30190POC详情
8Aka Follina = benign POC.https://github.com/rickhenderson/cve-2022-30190POC详情
9Picking up processes that have triggered ASR related to CVE-2022-30190https://github.com/DOV3Y/CVE-2022-30190-ASR-Senintel-Process-PickupPOC详情
10CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDThttps://github.com/kdk2933/msdt-CVE-2022-30190POC详情
11Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190.https://github.com/sentinelblue/CVE-2022-30190POC详情
12Nonehttps://github.com/aymankhder/MSDT_CVE-2022-30190-follina-POC详情
13CVE-2022-30190 remediation via removal of ms-msdt from Windows registryhttps://github.com/PaddlingCode/cve-2022-30190POC详情
14Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Gohttps://github.com/dwisiswant0/gollinaPOC详情
15Nonehttps://github.com/hscorpion/CVE-2022-30190POC详情
16Just another PoC for the new MSDT-Exploithttps://github.com/drgreenthumb93/CVE-2022-30190-follinaPOC详情
17Nonehttps://github.com/mitespsoc/CVE-2022-30190-POCPOC详情
18Nonehttps://github.com/Vaisakhkm2625/MSDT-0-Day-CVE-2022-30190-PocPOC详情
19An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsofthttps://github.com/rouben/CVE-2022-30190-NSISPOC详情
20Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina)https://github.com/Cosmo121/Follina-RemediationPOC详情
21CVE-2022-30190 or "Follina" 0day proof of concepthttps://github.com/rayorole/CVE-2022-30190POC详情
22Proof of Concept zu MSDT-Follina - CVE-2022-30190. ÜBERPRÜFUNG DER WIRKSAMKEIT VON MICROSOFT DEFNEDER IN DER JEWEILS AKTUELLSTEN WINDOWS 10 VERSION.https://github.com/ImproveCybersecurityJaro/2022_PoC-MSDT-Follina-CVE-2022-30190POC详情
23MS-MSDT Follina CVE-2022-30190 PoC document generatorhttps://github.com/sudoaza/CVE-2022-30190POC详情
24MSDT protocol disabler (CVE-2022-30190 patch tool)https://github.com/gamingwithevets/msdt-disablePOC详情
25A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)https://github.com/ErrorNoInternet/FollinaScannerPOC详情
26Nonehttps://github.com/ITMarcin2211/CVE-2022-30190POC详情
27Mitigates the "Folina"-ZeroDay (CVE-2022-30190)https://github.com/derco0n/mitigate-folinaPOC详情
28CVE-2022-30190-follina.py-修改版,可以自定义word模板,方便实战中钓鱼使用。https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-FixedPOC详情
29Nonehttps://github.com/gyaansastra/CVE-2022-30190POC详情
30Nonehttps://github.com/swaiist/CVE-2022-30190-FixPOC详情
31The CVE-2022-30190-follina Workarounds Patchhttps://github.com/suenerve/CVE-2022-30190-Follina-PatchPOC详情
32PDQ Package I created for CVE-2022-30190https://github.com/castlesmadeofsand/ms-msdt-vulnerability-pdq-packagePOC详情
33Simple Follina poc exploithttps://github.com/WesyHub/CVE-2022-30190---Follina---Poc-ExploitPOC详情
34CVE-2022-30190 | MS-MSDT Follina One Clickhttps://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-FollinaPOC详情
35A very simple MSDT "Follina" exploit **patched**https://github.com/arozx/CVE-2022-30190POC详情
36All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word. This is a very simple POC, feel free to check the sources below for more threat intelligence.https://github.com/Noxtal/follinaPOC详情
37This is to patch CVE-2022-30190. Use at your own risk. https://github.com/droidrzrlover/CVE-2022-30190POC详情
38Powershell script to mitigate cve-2022-30190https://github.com/hilt86/cve-2022-30190-mitigatePOC详情
39Follina POC by John Hammondhttps://github.com/SrikeshMaharaj/CVE-2022-30190POC详情
40Nonehttps://github.com/DerZiad/CVE-2022-30190POC详情
41Nonehttps://github.com/tej7gandhi/CVE-2022-30190-Zero-Click-Zero-Day-in-msdtPOC详情
42Nonehttps://github.com/ItsNee/Follina-CVE-2022-30190-POCPOC详情
43Microsoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 Attack Vectorhttps://github.com/IamVSM/msdt-follinaPOC详情
44Désactivation du protocole MSDT URL (CVE-2022-30190) avec gestion des erreurs et de l'exit code pour un déploiement en massehttps://github.com/Rojacur/FollinaPatcherCLIPOC详情
45Microsoft Support Diagnostic Tool (CVE-2022-30190)https://github.com/joshuavanderpoll/CVE-2022-30190POC详情
46Notes related to CVE-2022-30190https://github.com/abhirules27/FollinaPOC详情
47Server to host/activate Follina payloads & generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190)https://github.com/dsibilio/follina-springPOC详情
48Proof of Concept of CVE-2022-30190https://github.com/Malwareman007/DeathnotePOC详情
49Nonehttps://github.com/sentrium-security/Follina-Workaround-CVE-2022-30190POC详情
50Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)https://github.com/Hrishikesh7665/Follina_Exploiter_CLIPOC详情
51Repository containing the compromised certificate seen in recent CVE-2022-30190 (Follina) attacks.https://github.com/b401/Clickstudio-compromised-certificatePOC详情
52Mitigation for CVE-2022-30190https://github.com/k508/CVE-2022-30190POC详情
53proof of concept to CVE-2022-30190 (follina)https://github.com/amitniz/follina_cve_2022-30190POC详情
54this is my simple article about CVE 2022-30190 (Follina) analysis. I use the lab from Letsdefend.https://github.com/Abdibimantara/CVE-2022-30190-Analysis-With-LetsDefends-LabPOC详情
55These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)https://github.com/SrCroqueta/CVE-2022-30190_Temporary_FixPOC详情
56These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_CodePOC详情
57An Unofficial Patch Follina CVE-2022-30190 (patch) by micrisoft Guidelines.https://github.com/SonicWave21/Follina-CVE-2022-30190-Unofficial-patchPOC详情
58CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina https://github.com/nanaao/PicusSecurity4.Week.RepoPOC详情
59Python file scanner created in 2021 scanning for known and potential vulnshttps://github.com/XxToxicScriptxX/CVE-2022-30190POC详情
60Nonehttps://github.com/ernestak/CVE-2022-30190POC详情
61Nonehttps://github.com/ernestak/Sigma-Rule-for-CVE-2022-30190POC详情
62Extract payload URLs from Follina (CVE-2022-30190) docx and rtf fileshttps://github.com/MalwareTech/FollinaExtractorPOC详情
63Nonehttps://github.com/notherealhazard/follina-CVE-2022-30190POC详情
64follina zero day vulnerability to help Microsoft to mitigate the attackhttps://github.com/Cerebrovinny/follina-CVE-2022-30190POC详情
65Educational Follina PoC Toolhttps://github.com/ethicalblue/Follina-CVE-2022-30190-SamplePOC详情
66Follina (CVE-2022-30190) proof-of-concepthttps://github.com/Lucaskrell/go_follinaPOC详情
67This is exploit of CVE-2022-30190 on PowerPoint.https://github.com/Gra3s/CVE-2022-30190_EXP_PowerPointPOC详情
68Detection and Remediation of the Follina MSDT Vulnerability (CVE-2022-30190)https://github.com/EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190-POC详情
69A Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense.https://github.com/jeffreybxu/five-nights-at-follina-sPOC详情
70A proof of concept for CVE-2022-30190 (Follina).https://github.com/winstxnhdw/CVE-2022-30190POC详情
71this is a demo attack of FOLLINA exploit , a vulnerability that has been discovered in May 2022 and stood unpatched until June 2022https://github.com/Imeneallouche/Follina-attack-CVE-2022-30190-POC详情
72Implementation of CVE-2022-30190 in Chttps://github.com/mattjmillner/CVE-SmackdownPOC详情
73A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190.https://github.com/0xAbbarhSF/FollinaXploitPOC详情
74Nonehttps://github.com/michealadams30/Cve-2022-30190POC详情
75CVE-2022-30190(follina)https://github.com/melting0256/Enterprise-CybersecurityPOC详情
76Nonehttps://github.com/yrkuo/CVE-2022-30190POC详情
77Implementation of FOLLINA-CVE-2022-30190https://github.com/ToxicEnvelope/FOLLINA-CVE-2022-30190POC详情
78An exploitation of CVE-2022-30190 (Follina)https://github.com/meowhua15/CVE-2022-30190POC详情
79Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered. It’s a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks.https://github.com/aminetitrofine/CVE-2022-30190POC详情
80Nonehttps://github.com/Muhammad-Ali007/Follina_MSDT_CVE-2022-30190POC详情
81An automated attack chain based on CVE-2022-30190, 163 email backdoor, and image steganography.https://github.com/Jump-Wang-111/AmzWordPOC详情
82A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)https://github.com/shri142/ZipScanPOC详情
83CVE-2022-30190 | MS-MSDT Follina One Clickhttps://github.com/0xflagplz/MS-MSDT-Office-RCE-FollinaPOC详情
84The script is from https://github.com/JohnHammond/msdt-follina, just make it simple for me to use it and this script aim at generating the payload for more information refer the johnn hammond linkhttps://github.com/alien-keric/CVE-2022-30190POC详情
85For learning purpose did a complete analysis on CVE-2022-30190 "Follina" POChttps://github.com/skitkat/CVE-2022-30190-POCPOC详情
86Educational Follina PoC Toolhttps://github.com/Captain404/Follina-CVE-2022-30190-PoC-samplePOC详情
87An exploitation of CVE-2022-30190 (Follina)https://github.com/hycheng15/CVE-2022-30190POC详情
88CVE-2022-30190 Proof-Of-Concepthttps://github.com/madbaiu/CVE-2022-30190POC详情
89Follina (CVE-2022-30190) proof-of-concepthttps://github.com/Zitchev/go_follinaPOC详情
90Educational Follina PoC Toolhttps://github.com/Nyx2022/Follina-CVE-2022-30190-SamplePOC详情
91PoC of CVE-2022-30190https://github.com/Potato-9257/CVE-2022-30190_pagePOC详情
92Project on CVE-2022-30190 exploitation and mitigation strategieshttps://github.com/yeep1115/ICT287_CVE-2022-30190_ExploitPOC详情
93CVE-2022-30190https://github.com/0x7a6b4c/msdt-follina-office-rcePOC详情
94These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)https://github.com/JotaQC/CVE-2022-30190_Temporary_FixPOC详情
95These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix_Source_CodePOC详情
96Project Repository for Exploitation, Detection and Mitigation of Folina Vulnerability (CVE-2022-30190) https://github.com/RathoreAbhiii/Folina-Vulnerability-Exploitation-Detection-and-MitigationPOC详情
97Mitigation for CVE-2022-30190https://github.com/cyberdashy/CVE-2022-30190POC详情
98A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190.https://github.com/ar2o3/FollinaXploitPOC详情
99Exploration of the Follina (CVE-2022-30190) Microsoft Office vulnerability, including a detailed analysis, proof-of-concept exploitation in a controlled lab, and mitigation strategies. For educational and research purposes only.https://github.com/seinab-ibrahim/Follina-Vulnerability-CVE-2022-30190-Exploit-AnalysisPOC详情
100We are presented with a security alert indicating the detection of the Follina (CVE-2022-30190) vulnerability. A malicious Word document triggered msdt.exe execution, suggesting possible remote code execution on the host JonasPRD. Our task is to investigate the alert, confirm exploitation, assess impact, and recommend remediation.https://github.com/Arkha-Corvus/LetsDefend-SOC173-Follina-0-Day-DetectedPOC详情
101The script is from https://github.com/JohnHammond/msdt-follina, just make it simple for me to use it and this script aim at generating the payload for more information refer the johnn hammond linkhttps://github.com/alienkeric/CVE-2022-30190POC详情
102Nonehttps://github.com/nimesh895/Malware-Analysis-Follina-CVE-2022-30190POC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2022-30190 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2022-30190 的评论

暂无评论

发表评论