CVE-2010-0822

MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

Title source: metasploit

Exploitation Summary

EIP tracks 4 public exploits for CVE-2010-0822. PoCs were published by Metasploit, Abysssec, and webDEViL, including the Metasploit module exploits/windows/fileformat/ms10_038_excel_obj_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in Microsoft Office Excel 2002 by crafting a malformed OBJ record (0x5D) in an .xls file, leading to arbitrary code execution. The exploit leverages specific memory addresses and a call ecx instruction to redirect execution flow.

Description

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/18143

This Metasploit module exploits a stack-based buffer overflow in Microsoft Office Excel 2002 by crafting a malformed OBJ record (0x5D) in an .xls file, leading to arbitrary code execution. The exploit leverages specific memory addresses and a call ecx instruction to redirect execution flow.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office Excel 2002 (Office XP SP0/SP3)
No auth needed
Prerequisites: Victim must open the malicious .xls file
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by Abysssec · python · local · windows
https://www.exploit-db.com/exploits/15094

This exploit generates a malicious Excel file by injecting a shellcode payload into an existing XLS file, targeting a stack overflow vulnerability in Microsoft Excel 2002 and XP (SP3). The shellcode is designed to execute calc.exe, demonstrating arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Excel 2002 and XP (SP3)
No auth needed
Prerequisites: An existing XLS file named 'src.xls' to modify
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by webDEViL · python · local · windows
https://www.exploit-db.com/exploits/14361

This is a functional exploit for CVE-2010-0822, targeting a vulnerability in Microsoft Office Excel. The exploit generates a malicious Excel file (XLS) that, when opened, executes arbitrary code (calc.exe) via a crafted OLE object.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office Excel 2007 (12.0.4518.1014)
No auth needed
Prerequisites: Victim must open the malicious Excel file
devstral-2 · analyzed Feb 18, 2026

metasploit · WORKING POC · NORMAL
by Nicolas Joly · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb

This Metasploit module exploits a buffer overflow in Microsoft Office Excel 2002 by crafting a malformed OBJ record in an .xls file, leading to arbitrary code execution. It leverages specific memory addresses to control execution flow and execute payloads.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office Excel 2002 (Office XP SP0/SP3)
No auth needed
Prerequisites: Victim must open the malicious .xls file
devstral-2 · analyzed Feb 16, 2026

References (6)

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511752/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7265
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40520
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/65236
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-159B.html

Scores

EPSS 0.7012
EPSS Percentile 99.3%

Details

CWE CWE-94
Status published
Products (4)
microsoft/excel 2002 sp3
microsoft/office 2004
microsoft/office 2008
microsoft/open_xml_file_format_converter
Published Jun 08, 2010
Tracked Since Feb 18, 2026