Activity Feed

Indicated source as
Indicated source as
0
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Technical Analysis

CVE-2022-33638

Description:

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, by getting the user to open an attachment sent through email, or send a chat message with a malicious with malicious attachment link.

STATUS:

  • Medium Vulnerability;

WARNING!

  • Dear all, usual Users, please keep your Windows Defender – Turned ON!
  • Don’t try to be heroes!

Note!

  • Windows Defender can protect you from an attack like this!
  • This malicious web page is made on hand, and this will not be uploaded!
  • For security reasons. From Microsoft are restricted a vectorizing attack technique on their domains, but not in 100% ;)
  • The exploit will not be uploaded!

Proof and Exploit:

href

Indicated source as
Indicated source as
0
Ratings
Technical Analysis

CVE-2022-30174

Description:

Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.

WARNING:

Use your Windows Defender turned on and update him regularly!!!

Conclusion:

    • So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
  • Tested on Windows 11.

  • 365 don’t give a f*** what you give him to execute, it depends on the lure…

  • For the usual users: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎

  • STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎

Proof and Exploit:

href