POC详情: be26432f4e182068c5b0d790e7d29f1786a36758

来源
https://github.com/mbanyamer/mbanyamer-Microsoft-PowerPoint-Use-After-Free-Remote-Code-Execution-RCE
关联漏洞
标题: Microsoft Office PowerPoint 资源管理错误漏洞 (CVE-2025-47175)
描述:Microsoft Office PowerPoint是美国微软(Microsoft)公司的一个用于制作、演示文稿(PPT)的软件。 Microsoft Office PowerPoint存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft 365 Apps for Enterprise for
描述
This repository contains a Proof of Concept (PoC) exploit for the **CVE-2025-47175** vulnerability found in Microsoft PowerPoint.   The vulnerability is a Use-After-Free (UAF) bug that allows an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file.
介绍

# CVE-2025-47175 - Microsoft PowerPoint Use-After-Free (UAF) Remote Code Execution PoC

## Overview

This repository contains a Proof of Concept (PoC) exploit for the **CVE-2025-47175** vulnerability found in Microsoft PowerPoint.  
The vulnerability is a Use-After-Free (UAF) bug that allows an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file.

---

## Description

- **Vulnerability:** Use-After-Free (UAF) in Microsoft PowerPoint  
- **CVE ID:** CVE-2025-47175  
- **Affected Versions:** Microsoft PowerPoint 2019 and Office 365 versions prior to June 2025 Patch (KB5002689)  
- **Attack Vector:** Local — requires victim to open a crafted PPTX file  
- **Impact:** Remote Code Execution (RCE)  

This PoC script generates a malicious PPTX file designed to trigger the UAF vulnerability. Opening the generated file in a vulnerable PowerPoint version may lead to arbitrary code execution.

---

## Usage

```bash
python3 exploit_cve2025_47175.py [options]
```

### Options

| Option          | Description                               | Default                              |
|-----------------|-------------------------------------------|------------------------------------|
| `-o`, `--output` | Output PPTX filename                      | `exploit_cve_2025_47175.pptx`      |
| `-i`, `--id`     | Shape ID (integer)                        | `1234`                             |
| `-n`, `--name`   | Shape Name (string)                       | `MaliciousShape`                   |
| `-t`, `--text`   | Trigger text inside the slide             | `This content triggers CVE-2025-47175 UAF vulnerability.` |

### Example

```bash
python3 exploit_cve2025_47175.py -o evil.pptx -i 5678 -n "BadShape" -t "Triggering CVE-2025-47175 now!"
```

---

## Disclaimer

This PoC is for educational and research purposes only. Unauthorized use against systems without explicit permission is illegal. The author is not responsible for any misuse of this code.

---

## Author

Mohammed Idrees Banyamer  
- Instagram: [@banyamer_security](https://instagram.com/banyamer_security)  
- GitHub: [https://github.com/mbanyamer](https://github.com/mbanyamer)  

---

## References

- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide)  
- [Exploit-DB](https://www.exploit-db.com/?author=12252)
文件快照

 [4.0K]  /data/pocs/be26432f4e182068c5b0d790e7d29f1786a36758
├── [5.3K]  CVE2025-47175.py
├── [ 34K]  LICENSE
└── [2.3K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。