Attacker Value
High
(2 users assessed)
Exploitability
High
(2 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
3

CVE-2022-30174

Disclosure Date: June 15, 2022
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Privilege Escalation
Techniques
Validation
Validated
Validated
Validated
Validated
Validated
Validated

Description

Microsoft Office Remote Code Execution Vulnerability

Add Assessment

0
Ratings
Technical Analysis

CVE-2022-30174

Description:

Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.

WARNING:

Use your Windows Defender turned on and update him regularly!!!

Conclusion:

    • So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
  • Tested on Windows 11.

  • 365 don’t give a f*** what you give him to execute, it depends on the lure…

  • For the usual users: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎

  • STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎

Proof and Exploit:

href

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • 365 apps -,
  • office long term servicing channel 2021

Additional Info

Technical Analysis