Security News > 2022 > June > Follina abuses Microsoft Office to execute remote code
Follina abuses Microsoft Office to execute remote code.
CVE-2022-30190, also known as "Follina", is a remote code execution vulnerability that affects Microsoft Office, reported on May 27, 2022.
Cemerikic adds that "This vulnerability is not specifically synonymous with Microsoft Word or Outlook. Although the only recorded cases so far of this vulnerability being exploited in the wild have been leveraged through the use of Microsoft Word and Outlook, in theory, any office product which handles oleObject relationships is vulnerable. As oleObject relationships are not specific to Word, it is likely that in the future we may see this vulnerability being exploited in other Office applications as well."
Sekoia reports several cases of attacks in the wild exploiting the Follina vulnerability, the first attacks being probably done by Chinese APT threat actors.
Proofpoint reports on Twitter that Chinese threat actor TA413 has been spotted in the wild exploiting the Follina vulnerability, using Zip archive files which contained malicious Word documents in an attack campaign impersonating the "Woman Empowerments Desk" of the Central Tibetan Administration.
Also See Share: Follina abuses Microsoft Office to execute remote code.
News URL
https://www.techrepublic.com/article/follina-abuses-microsoft-office-to-execute-remote-code/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 7.8 |