CVE-2022-30190

CVSS 3.1 Score 7.8 of 10 (HIGH)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

UNCHANGED

Privileges Required

NONE

Summary

CVE-2022-30190 is a remote code execution vulnerability that affects Microsoft Office components, specifically the Microsoft Support Diagnostic Tool (MSDT). When MSDT is invoked through the URL protocol by applications like Microsoft Word, an attacker can exploit this vulnerability to run arbitrary code with the privileges of the calling application. The potential consequences include installing malware, accessing sensitive data, creating new accounts, and performing other unauthorized actions. Users are strongly advised to follow the guidance provided in the Microsoft Security Response Center blog entry to mitigate this risk.

Details

Published: formatDate( 2022-06-01T20:15:07.983Z )
Updated: formatDate( 2025-01-02T19:16:22.317Z )
CWE ID: CWE-610

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/mgT7lJ
https://www.cve.org/CVERecord?id=CVE-2022-30190
https://nvd.nist.gov/vuln/detail/CVE-2022-30190