Security News > 2022 > June > Follina abuses Microsoft Office to execute remote code

Follina abuses Microsoft Office to execute remote code
2022-06-02 15:29

Follina abuses Microsoft Office to execute remote code.

CVE-2022-30190, also known as "Follina", is a remote code execution vulnerability that affects Microsoft Office, reported on May 27, 2022.

Cemerikic adds that "This vulnerability is not specifically synonymous with Microsoft Word or Outlook. Although the only recorded cases so far of this vulnerability being exploited in the wild have been leveraged through the use of Microsoft Word and Outlook, in theory, any office product which handles oleObject relationships is vulnerable. As oleObject relationships are not specific to Word, it is likely that in the future we may see this vulnerability being exploited in other Office applications as well."

Sekoia reports several cases of attacks in the wild exploiting the Follina vulnerability, the first attacks being probably done by Chinese APT threat actors.

Proofpoint reports on Twitter that Chinese threat actor TA413 has been spotted in the wild exploiting the Follina vulnerability, using Zip archive files which contained malicious Word documents in an attack campaign impersonating the "Woman Empowerments Desk" of the Central Tibetan Administration.

Also See Share: Follina abuses Microsoft Office to execute remote code.


News URL

https://www.techrepublic.com/article/follina-abuses-microsoft-office-to-execute-remote-code/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-01 CVE-2022-30190 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.
local
low complexity
microsoft CWE-610
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 708 787 4587 4647 3639 13660