At the time of posting, two document formats were known to allow CVE-2022-30190
exploitation: Microsoft Word
(.docx) and Rich Text Format
(.rtf). The latter is more dangerous for the potential victim because it allows execution of a malicious command even without opening the document — just previewing it in Windows Explorer is enough.