Microsoft Excel Use After Free – Local Code Execution

• CVE-2025-27751

Titles:…

# Titles: Microsoft Excel Use After Free – Local Code Execution

# Author: nu11secur1ty

# Date: 06/09/2025

# Vendor: Microsoft

# Software: https://www.microsoft.com/en/microsoft-365/excel?market=af

# Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751

# Versions: MS Excel 2016, MS Office Online Server KB5002699

# CVE-2025-27751

## Description:

The attacker can trick any user into opening and executing their code by

sending a malicious DOCX file via email or a streaming server.

After the execution of the victim, his machine can be infected or even

worse than ever; this could be the end of his Windows machine!

STATUS: HIGH-CRITICAL Vulnerability

[+]Exploit:

“`

Sub hello()

Dim Program As String

Dim TaskID As Double

On Error Resume Next

—————————————

Program = “WRITE YOUR OWN EXPLOIT HERE”

TaskID = …YOUR TASK HERE…

—————————————

If Err <> 0 Then

MsgBox “Can’t start ” & Program

End If

End Sub

“`

# Reproduce:

[href](https://www.youtube.com/watch?v=ArI0ZeChYE4)

# Buy an exploit only:

[href](https://satoshidisk.com/pay/COb5oS)

# Time spent:

00:35:00

—

System Administrator – Infrastructure Engineer

Penetration Testing Engineer

Exploit developer at https://packetstormsecurity.com/

https://cve.mitre.org/index.html

https://cxsecurity.com/ and https://www.exploit-db.com/

0day Exploit DataBase https://0day.today/

home page: https://www.nu11secur1ty.com/

hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=

nu11secur1ty

—

System Administrator – Infrastructure Engineer

Penetration Testing Engineer

Exploit developer at https://packetstorm.news/

https://cve.mitre.org/index.html

https://cxsecurity.com/ and https://www.exploit-db.com/

0day Exploit DataBase https://0day.today/

home page: https://www.nu11secur1ty.com/

hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=

nu11secur1ty