OP 03 June, 2022 - 09:54 PM
DESCRIPTION
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing the URL in the Microsoft Windows Support Diagnostic Tool (MSDT). A remote, unauthenticated attacker can trick the victim into opening a specially crafted file, which calls the ms-msdt tool and executes arbitrary OS commands on the target system.
Successful exploitation of this vulnerability can lead to the complete compromise of the vulnerable system.
Note that the vulnerability is actively exploited in the wild.
UPDATED
The vulnerability resides in MSDT and not in Microsoft Word. Microsoft Word is an attack vector, not the source of the vulnerability.
VIRUSTOTAL : 06-2022-0438.doc (Vulnerable Windows doc)
A new thread for the exploit is coming soon. For those who already want the exploit, videos are already online on the internet, as well as PDFs.
(BEST 0Day EXPLOIT 2022)
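A detection sketch for the behaviour the post describes, added here as an example and not part of the original post: because the flaw sits in MSDT and Word is only one delivery vector, it flags every `msdt.exe` launch by parent process rather than looking at Word alone. The event field names, the two parent lists and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: parents that legitimately start the diagnostic tool here; tune per environment.
EXPECTED_PARENTS = {"explorer.exe", "control.exe"}
# Assumption: document-handling applications; the post names Word as an attack vector.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events (field names are hypothetical).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-02", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "ws-03", "image": r"C:\Windows\SysWOW64\msdt.exe",
     "parent_image": r"C:\Tools\reader.exe"},
    {"host": "ws-04", "image": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]


def exe_name(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip('"')).lower()


def classify(event):
    """Return 'high', 'review' or None for one process-creation event."""
    if exe_name(event["image"]) != "msdt.exe":
        return None  # not an MSDT launch
    parent = exe_name(event["parent_image"])
    if parent in DOCUMENT_APPS:
        return "high"  # a document application started the diagnostic tool
    if parent not in EXPECTED_PARENTS:
        return "review"  # MSDT is the vulnerable component, so any odd parent matters
    return None


def scan(events):
    """Return (host, parent, severity) for every flagged event."""
    findings = []
    for event in events:
        severity = classify(event)
        if severity:
            findings.append((event["host"], exe_name(event["parent_image"]), severity))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```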