CVE-2010-3141

Microsoft PowerPoint 2010 - DLL Hijacking via Untrusted Search Path

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3141. PoCs published by TheLeader.

Description

Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.

Exploits (2)

exploitdb WORKING POC
by TheLeader · c · local · windows
https://www.exploit-db.com/exploits/14723

This exploit leverages DLL hijacking in Microsoft PowerPoint 2010 by placing a malicious pptimpconv.dll in the same folder as a PowerPoint file. When a user opens a PowerPoint file with one of the affected extensions from that folder, the malicious DLL is loaded and executes arbitrary code (e.g., launching calc.exe).

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft PowerPoint 2010 (14.0.4760.1000)
No auth needed
Prerequisites: Malicious DLL renamed to pptimpconv.dll · PowerPoint file with vulnerable extension in the same directory
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC
c · local · windows
https://www.exploit-db.com/exploits/14782

This exploit demonstrates a DLL hijacking vulnerability in Microsoft Office PowerPoint 2007 by creating a malicious rpawinet.dll that executes arbitrary code (calc.exe) when loaded. The exploit targets the insecure DLL loading mechanism in PowerPoint 2007 SP2.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Office PowerPoint 2007 SP2 (12.0.6535.5002)
No auth needed
Prerequisites: Victim must open a malicious PowerPoint file in a directory containing the malicious DLL
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Exploit (x_refsource_exploit-db): http://www.exploit-db.com/exploits/14723/

Scores

EPSS: 0.1535
EPSS Percentile: 96.4%

Details

Status: published
Products (1): microsoft/powerpoint 2010
Published: Aug 27, 2010
Tracked Since: Feb 18, 2026