Skip to content
/ MSDT_Doc_generator Public

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute Powershell commands within Windows.

4 stars 1 fork Branches Tags Activity
Star
Notifications

warren2i/MSDT_Doc_generator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

docx

docx

 
 

temp

temp

 
 

follina.py

follina.py

 
 

readme.md

readme.md

 
 

Repository files navigation

Microsoft MSDT Follina Docx generator

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute Powershell commands within Windows.

CVE-2022-30190

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Usage

git clone https://github.com/warren2i/MSDT_Doc_generator.git

to generate a document using the defaults (http://127.0.0.1:8000/index.html)

python follina.py

to generate a custom document

python follina.py -f <filename> -h <host ip> -p <hostport>

About

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute Powershell commands within Windows.

Topics

microsoft windows powershell office365 follina msdt

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages