by vicarius
log in join community
by @khurram.arif
12 Nov 2022
#cve_analysis

Write a blog analysis for a CVE

publish

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability - CVE-2022-30190

by @khurram.arif
by @khurram.arif
12 Nov 2022
#cve_analysis

Write a blog analysis for a CVE

publish

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability - CVE-2022-30190

CVEs

CVE-2022-30190
7.8 High Severity

OS

Windows 8.1
Windows 8.1Microsoft
6.3.9600.20520.*
6.3.9600.20520.*
RT.*
*.*
*.*
*.*
*.*
-.*
-.*
-.*
WR8
Windows RT 8.1Microsoft
6.3.9600.20520.*
*.*
*.*
*.*
-.*
-.*
-.*
Windows Server 2012
Windows Server 2012Microsoft
6.2.9200.24116.*
R2.*
R2.*
R2.SP1
R2.*
R2.*
R2.*
R2.*
R2.SP1
R2.*
Windows Server 2016
Windows Server 2016Microsoft
10.0.14393.6614.*
10.0.14393.5717.*
20H2.*
1909.*
1903.*
*.*
2019.*
1803.*
1709.*
1607.*
Windows Server 2019
Windows Server 2019Microsoft
10.0.17763.5329.*
10.0.17763.4010.*
18411.*
18409.*
18409.*
18409.2019
1909.*
1903.*
*.*
1809.2019

Screenshots from the blog posts

blog-posts/images/cladoihu86lmn0koi8u4hcrs8.jpgblog-posts/images/cladoihu86lmn0koi8u4hcrs8.jpg

Summary

ZERO-DAY vulnerability reported in May, 2022 remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Microsoft Word.

Description

Tags

#CVE-2022-30190#MSDT#remotecodeexecution
users/photos/cl9u4ikuuft0d0llg3b78egln.png

@khurram.arif

11 posts

Total vcoins

11.3K

Comments (0)