Attacker Value
High
(2 users assessed)
Exploitability
High
(2 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
2

CVE-2022-30174

Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Privilege Escalation
Techniques
Validation
Validated
Validated
Validated
Validated
Validated
Validated

Add Assessment

0
Ratings
Technical Analysis

CVE-2022-30174

Description:

Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.

WARNING:

Use your Windows Defender turned on and update him regularly!!!

Conclusion:

    • So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
  • Tested on Windows 11.

  • 365 don’t give a f*** what you give him to execute, it depends on the lure…

  • For the usual users: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎

  • STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎

Proof and Exploit:

href

General Information

Vendors

  • Microsoft

Products

  • Microsoft 365 Apps for Enterprise for 32-bit Systems,
  • Microsoft 365 Apps for Enterprise for 64-bit Systems,
  • Microsoft Office LTSC 2021 for 64-bit editions,
  • Microsoft Office LTSC 2021 for 32-bit editions

Additional Info

Technical Analysis