Trivia What do you think of this "MS WORD" exploit? (Can it pwn you, or Run RCE?)

PHC-TheGlock

This is the recently discovered Follina exploit, which is assigned CVE-2022-30190. It allows the attacker to get Remote Code Execution (RCE) on your computer. In order to trigger this exploit, the user need not even open the maldoc; he/she just needs to preview it!
The vulnerability lies in the ms-msdt URL protocol: Windows blindly executes code when this protocol is used along with some parameters and a PowerShell expression.

It can run malicious commands and hack/delete your files. And it can even spam RICKROLL.

I have tried writing a script of an exploit myself and it was powerful. I hope you guys are careful about opening and downloading .docx files and clicking buttons :>


I have prepared some workaround fixes to avoid this kind of attack.

Keep safe, bros. And I'm hoping you'll be well aware of this. :>
 
There's no expiration stated. Meaning this is lifetime. But I don't know, maybe it's for one device only. 😔

let google docs open the file
Prolly not a good idea..

Why?
Because it uses the MSDT URL protocol; if you open or even preview it, the payload will execute. That's why I mentioned POWERFUL.
It can also be exploited using JavaScript to execute the payload and run secretly without your consent, or even be stuffed inside software.
(The exploit only works on Windows 7 and up)
 
Google is the one that opened it, since I don't have Office installed on my PC. Can it hack Google?
 
I mean the file itself executes the payload, which is the MSDT URI scheme...
(BUT idk if Google Docs allows something to execute a URI in their reader; that's just as far as I know, but it's up to you.)

Anyway, if the file came from non-trusted sites, or you received a random email with a (.docx) file, just don't open it. :>
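An added example (not code from this thread or from any poster) for checking a received .docx without opening or previewing it in Word: it reads the file as a ZIP and reports any `ms-msdt:` string, and, going beyond what the thread covers, every external relationship that is not an ordinary web or mail hyperlink. The names `triage_docx` and `constructed_sample`, the 20 MB cap and the `example.invalid` values are assumptions made for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
MSDT_URI = re.compile(rb"ms-msdt\s*:", re.IGNORECASE)
MAX_PART = 20 * 1024 * 1024  # assumed cap: oversized parts are reported, not read

def triage_docx(data: bytes) -> list[tuple[str, str]]:
    """Return (part, reason) findings; raises zipfile.BadZipFile if not OOXML."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_PART:
                findings.append((info.filename, "part too large, not inspected"))
                continue
            blob = zf.read(info)
            if MSDT_URI.search(blob):
                findings.append((info.filename, "ms-msdt URI present"))
            if not info.filename.endswith(".rels"):
                continue
            try:
                if b"<!DOCTYPE" in blob:  # never hand DTDs to the XML parser
                    raise ET.ParseError("DTD present")
                root = ET.fromstring(blob)
            except ET.ParseError as exc:
                findings.append((info.filename, f"unparseable relationships: {exc}"))
                continue
            for rel in root.iter(REL_TAG):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                scheme = urlparse(rel.get("Target", "")).scheme.lower()
                if rtype == "hyperlink" and scheme in ("http", "https", "mailto"):
                    continue  # ordinary clickable link
                findings.append((info.filename, f"external {rtype} -> {scheme}:"))
    return findings

def constructed_sample(rel_type: str, target: str) -> bytes:
    """Build a minimal in-memory .docx-like ZIP (constructed test input)."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="http://example.invalid/rel/{rel_type}" '
            f'Target="{target}" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

An empty result only means these two checks found nothing; it does not prove the file is safe.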
 
