Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (POC)
Title: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (POC) CVE-2022-30190
INTRODUCTION
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
PROOF OF CONCEPT
Vulnerability: MS-MSDT Remote Code Execution
Reported On: Monday, May 30, 2022
POC, created by: Krishna Singh – InfoSec Consultant (eSecForte Technologies)
Approved by: Saurabh Seth – VP Information Security
Steps Involved: