Activity Feed

CVE-2022-33638

Description:

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, by getting the user to open an attachment sent through email, or send a chat message with a malicious with malicious attachment link.

STATUS:

• Medium Vulnerability;
  

WARNING!

• Dear all, usual Users, please keep your Windows Defender – Turned ON!
  
• Don’t try to be heroes!
  

Note!

• Windows Defender can protect you from an attack like this!
  
• This malicious web page is made on hand, and this will not be uploaded!
  
• For security reasons. From Microsoft are restricted a vectorizing attack technique on their domains, but not in 100% ;)
  
• The exploit will not be uploaded!
  

Proof and Exploit:

href

CVE-2022-30174

Description:

Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.

WARNING:

Use your Windows Defender turned on and update him regularly!!!

Conclusion:

• • So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
    

• Tested on Windows 11.

• 365 don’t give a f*** what you give him to execute, it depends on the lure…

• For the usual users: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎

• STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎

Proof and Exploit:

href