CVE-2022-30190
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
Community ground truth
Community verdict
2 verdicts
Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
  MSDT code execution from a Word doc via the ms-msdt: URI — fires from the preview pane / without macros, which is what made it nasty for phishing.
- 0
  Patched in the June 2022 CU. Pre-patch mitigation was deleting the ms-msdt URL handler from the registry. Disable MSDT/Troubleshooter access via policy where feasible.
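
An added example (not part of the notes above, and not vendor code) of auditing a host for the pre-patch mitigation and applying it with a backup. The function names and the backup path are hypothetical; the `ScriptedDiagnostics\EnableDiagnostics` policy value is not named on this page and is what the example assumes "via policy" refers to.

```powershell
# Added example: audit (and optionally apply) the pre-patch ms-msdt mitigation.
# Run from an elevated prompt. Function names and backup path are hypothetical.

function Get-MsdtHandlerState {
    $handlerKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
    # Assumed policy location for "allow users to run Troubleshooting Wizards".
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'
    $policy = Get-ItemProperty -Path $policyKey -Name EnableDiagnostics `
                               -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        HandlerRegistered  = Test-Path -LiteralPath $handlerKey
        # True only when the policy value exists and is explicitly 0.
        TroubleshootersOff = ($null -ne $policy -and $policy.EnableDiagnostics -eq 0)
    }
}

function Remove-MsdtHandler {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical backup location; pick one that survives reimaging policy.
        [string]$BackupFile = "$env:SystemDrive\ms-msdt-backup.reg"
    )

    if (-not (Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\ms-msdt')) {
        Write-Verbose 'ms-msdt handler is not registered; nothing to do.'
        return
    }
    if ($PSCmdlet.ShouldProcess('HKEY_CLASSES_ROOT\ms-msdt', 'Export and delete')) {
        # Export first so the handler can be restored with "reg import" once patched.
        & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Backup failed; handler left in place.' }

        & reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Delete failed (elevated prompt required).' }
    }
}

# Report current state; the removal is opt-in and previewable.
Get-MsdtHandlerState
# Remove-MsdtHandler -WhatIf    # preview; drop -WhatIf to apply
```

A host reporting `HandlerRegistered = True` without the June 2022 CU still resolves `ms-msdt:` links; the exported `.reg` file restores the handler after patching.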