POC to replicate the Follina zero-click vulnerability (DOC and RTF files)

tiepologian/Follina

Follina Proof of Concept (CVE-2022-30190)

Quick and easy "proof of concept" for the Follina RCE that affects Microsoft Office/365 products. This POC supports both the one-click exploit and the zero-click exploit through RTF files.
Running the script will generate an infected.zip archive that contains two files:

  • A zero-click.rtf file that allows you to test the RCE without opening the file (simply previewing the file will trigger the exploit)
  • A one-click.doc file that triggers the exploit when opened

Usage

  1. Edit follina.py and set COMMAND (the command to execute, defaults to calc), INTERFACE (defaults to eth0) and PORT (defaults to 8000)
  2. Run ./follina.py
  3. Copy infected.zip to the target machine and extract it
  4. From the target machine, open one-click.doc or simply preview zero-click.rtf
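
For lab triage of the generated files before step 4, the following added example (not code from this repository) lists the remote references a document carries without opening it in Office. It assumes the documents point back at the host and port the script serves on, which the INTERFACE and PORT settings imply but the page does not spell out; the function names, the sample URL and both sample documents are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # use defusedxml on untrusted files

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
HEX_RUN_RE = re.compile(rb"(?:[0-9a-fA-F]{2}\s*){16,}")  # e.g. RTF \objdata
SAMPLE_URL = "http://192.0.2.10:8000/x"  # constructed, TEST-NET-1 address
SAMPLE_RTF = b"{\\rtf1{\\object\\objdata " + SAMPLE_URL.encode("utf-16-le").hex().encode() + b"}}"

def ooxml_external_targets(data):
    """Return (part, type, target) for each External relationship in a package."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        for name in (n for n in package.namelist() if n.endswith(".rels")):
            for rel in ET.fromstring(package.read(name)):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    hits.append((name, kind, rel.get("Target", "")))
    return hits

def raw_urls(data):
    """Find http(s) URLs in non-ZIP bytes, plain or inside hex-encoded runs."""
    blobs = [data] + [bytes.fromhex(re.sub(rb"\s", b"", run).decode())
                      for run in HEX_RUN_RE.findall(data)]
    found = set()
    for blob in blobs:
        for view in (blob, blob.replace(b"\x00", b"")):  # ASCII, then UTF-16LE
            found.update(m.decode("ascii") for m in URL_RE.findall(view))
    return sorted(found)

def triage(data):
    """List the remote references a document carries, without opening it."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return [f"{p}: {k} -> {t}" for p, k, t in ooxml_external_targets(data)]
    return [f"raw: {u}" for u in raw_urls(data)]

def sample_ooxml():
    """Constructed sample: a minimal package with one External relationship."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" TargetMode="External" Target="%s" Type="http://schemas.'
            'openxmlformats.org/officeDocument/2006/relationships/oleObject"/></Relationships>' % SAMPLE_URL)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(SAMPLE_RTF), triage(sample_ooxml()))
```

Hex runs that break across lines at an odd digit are not decoded, so an empty result is not proof that a file is clean.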
