CVE-2010-1247

Microsoft Office Excel 2002 SP3 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1247. PoCs published by Abysssec.

AI-analyzed exploit summary This Python script generates a malicious Excel file exploiting CVE-2010-1246, a memory corruption vulnerability in Excel 2002 SP3. It crafts a payload with an egg hunter and shellcode to achieve remote code execution (RCE) via a specially formatted XLS file.

Description

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Abysssec · pythonlocalwindows

https://www.exploit-db.com/exploits/14966

View Code ZIP pw:eip

This Python script generates a malicious Excel file exploiting CVE-2010-1246, a memory corruption vulnerability in Excel 2002 SP3. It crafts a payload with an egg hunter and shellcode to achieve remote code execution (RCE) via a specially formatted XLS file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Excel 2002 SP3

No auth needed

Prerequisites: Victim must open the malicious XLS file

MITRE ATT&CK