[ 0day (xc) Our ] Microsoft PowerPoint 2019 Remote Code Execution 2025 0day EXPLOIT CODE BY skraito with skraitow … . Enjoy Patching … .

Date: 2025-07-02
Tested on: Microsoft PowerPoint 2019 / Office 365 (version before June 2025 Patch)
CVE: CVE-2025-47175
Type: Use-After-Free (UAF) Remote Code Execution (local user required)
Platform: Windows (PowerPoint)
Author Country: Jordan
Attack Vector: Local (User must open crafted PPTX file)
Description:
This exploit leverages a Use-After-Free vulnerability in Microsoft PowerPoint
allowing an attacker to execute arbitrary code by tricking a user into opening
a specially crafted PPTX file. This PoC generates such a malicious PPTX file
designed to trigger the UAF condition.

Steps of exploitation:

1. Run this script to generate the malicious PPTX file.
2. Send or trick the target user to open this file in a vulnerable PowerPoint version.
3. Exploit triggers upon opening the file, leading to possible code execution. Note: This PoC creates a simplified PPTX file structure with crafted XML designed
   to trigger the vulnerability. For a full exploit, further memory manipulation and shellcode injection
   are required (not included here). Affected Versions:
   Microsoft PowerPoint versions prior to June 2025 patch (KB5002689) Usage:
   python3 exploit_cve2025_47175.py [options] Options:
   -o, –output Output PPTX filename (default: exploit_cve_2025_47175.pptx)
   -i, –id Shape ID (default: 1234)
   -n, –name Shape Name (default: MaliciousShape)
   -t, –text Trigger text inside the slide (default: explanation message) Example:
   python3 exploit_cve2025_47175.py -o evil.pptx -i 5678 -n “BadShape” -t “Triggering CVE-2025-47175 now!”

DOWNLOAD : https://www.worldhacker.org/download-0day.xc.Our.license.apply/0day.xc.Our.Microsoft.Power.Point.2019.Exploit.2025.0day.py