by vicarius
log in join community
by @khurram.arif
12 Nov 2022
#cve_analysis

Write a blog analysis for a CVE

publish

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability - CVE-2022-30190

by @khurram.arif
by @khurram.arif
12 Nov 2022
#cve_analysis

Write a blog analysis for a CVE

publish

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability - CVE-2022-30190

CVEs

CVE-2022-30190
7.8 High Severity

OS

Windows 8.1
Windows 8.1Microsoft
6.3.9600.20520.*
6.3.9600.20520.*
RT.*
*.*
*.*
*.*
*.*
-.*
-.*
-.*
WR8
Windows RT 8.1Microsoft
6.3.9600.20520.*
*.*
*.*
*.*
-.*
-.*
-.*
Windows Server 2012
Windows Server 2012Microsoft
6.2.9200.25973.*
4117.*
7382.*
NT 6.2.*
7375.*
6.2.9200.25073.*
6.2.9200.24975.*
6.2.9200.25031.*
6.2.9200.24919.*
6.2.9200.24768.*
Windows Server 2016
Windows Server 2016Microsoft
10.0.14393.9140.*
10.0.14393.9062.*
10.0.14393.9060.*
10.0.14393.8957.*
10.0.14393.8868.*
10.0.14393.8688.*
10.0.14393.8783.*
10.0.14393.8594.*
10.0.14393.8524.*
10.0.14393.8519.*
Windows Server 2019
Windows Server 2019Microsoft
10.0.17763.3772.*
10.0.17763.5579.*
10.0.17763.8389.*
10.0.17763.8755.*
10.0.17763.7683.*
10.0.17763.7240.*
10.0.17763.8281.*
10.0.17763.8647.*
10.0.17763.7249.*
10.0.17763.7322.*

Screenshots from the blog posts

blog-posts/images/cladoihu86lmn0koi8u4hcrs8.jpgblog-posts/images/cladoihu86lmn0koi8u4hcrs8.jpg

Summary

ZERO-DAY vulnerability reported in May, 2022 remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Microsoft Word.

Description

Tags

#CVE-2022-30190#MSDT#remotecodeexecution
users/photos/cl9u4ikuuft0d0llg3b78egln.png

@khurram.arif

11 posts

Total vcoins

0

Comments (0)