Skip to content

Commit 1bb93dd

Browse files
msjenkins-r7msjenkins-r7
committed
automatic module_metadata_base.json update
1 parent c751ef4 commit 1bb93dd

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

db/modules_metadata_base.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132409,6 +132409,66 @@
132409132409
"session_types": false,
132410132410
"needs_cleanup": null
132411132411
},
132412+
"exploit_windows/fileformat/word_msdtjs_rce": {
132413+
"name": "Microsoft Office Word MSDTJS",
132414+
"fullname": "exploit/windows/fileformat/word_msdtjs_rce",
132415+
"aliases": [
132416+
132417+
],
132418+
"rank": 600,
132419+
"disclosure_date": "2022-05-29",
132420+
"type": "exploit",
132421+
"author": [
132422+
"nao sec",
132423+
"mekhalleh (RAMELLA Sébastien)"
132424+
],
132425+
"description": "This module generates a malicious Microsoft Word document that when loaded, will leverage the remote template\n feature to fetch an `HTML` document and then use the `ms-msdt` scheme to execute `PowerShell` code.",
132426+
"references": [
132427+
"CVE-2022-30190",
132428+
"URL-https://www.reddit.com/r/blueteamsec/comments/v06w2o/suspected_microsoft_word_zero_day_in_the_wild/",
132429+
"URL-https://twitter.com/nao_sec/status/1530196847679401984?t=3Pjrpdog_H6OfMHVLMR5eQ&s=19",
132430+
"URL-https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/",
132431+
"URL-https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e",
132432+
"URL-https://twitter.com/GossiTheDog/status/1531608245009367040",
132433+
"URL-https://github.com/JMousqueton/PoC-CVE-2022-30190"
132434+
],
132435+
"platform": "Windows",
132436+
"arch": "x86, x64",
132437+
"rport": null,
132438+
"autofilter_ports": [
132439+
132440+
],
132441+
"autofilter_services": [
132442+
132443+
],
132444+
"targets": [
132445+
"Microsoft Office Word"
132446+
],
132447+
"mod_time": "2022-06-02 00:58:20 +0000",
132448+
"path": "/modules/exploits/windows/fileformat/word_msdtjs_rce.rb",
132449+
"is_install_path": true,
132450+
"ref_name": "windows/fileformat/word_msdtjs_rce",
132451+
"check": false,
132452+
"post_auth": false,
132453+
"default_credential": false,
132454+
"notes": {
132455+
"AKA": [
132456+
"Follina"
132457+
],
132458+
"Stability": [
132459+
"crash-safe"
132460+
],
132461+
"Reliability": [
132462+
"unreliable-session"
132463+
],
132464+
"SideEffects": [
132465+
"ioc-in-logs",
132466+
"artifacts-on-disk"
132467+
]
132468+
},
132469+
"session_types": false,
132470+
"needs_cleanup": null
132471+
},
132412132472
"exploit_windows/fileformat/word_mshtml_rce": {
132413132473
"name": "Microsoft Office Word Malicious MSHTML RCE",
132414132474
"fullname": "exploit/windows/fileformat/word_mshtml_rce",

0 commit comments

Comments
 (0)