Vulnerability CVE-2022-30190

Vulnerability CVE-2022-30190

Published: 2022-06-01

Description:

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Microsoft Office MSDT Follina Proof Of Concept	JMousqueton	01.06.2022
High	Microsoft Office Word MSDTJS Code Execution	Ramella Sebastie...	11.06.2022

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Microsoft -> Windows server 2012
Microsoft -> Windows 10
Microsoft -> Windows 8.1
Microsoft -> Windows server 2016
Microsoft -> Windows server 2008
Microsoft -> Windows 7
Microsoft -> Windows rt 8.1
Microsoft -> Windows server 2022
Microsoft -> Windows server 2019
Microsoft -> Windows 11

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190

http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html

Copyright 2024, cxsecurity.com