CVE-2010-3142

Microsoft Office PowerPoint 2007 - RCE


Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3142. PoCs published by storm, TheLeader.

AI-analyzed exploit summary: This exploit leverages DLL hijacking in Microsoft Office PowerPoint 2007 by replacing the legitimate 'rpawinet.dll' with a malicious version. The malicious DLL exports functions that trigger a call to 'WinExec' to launch 'calc.exe' when loaded by PowerPoint.

Description

Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.

Exploits (2)

exploitdb WORKING POC
by storm · c · local · windows
https://www.exploit-db.com/exploits/14782

This exploit leverages DLL hijacking in Microsoft Office PowerPoint 2007 by replacing the legitimate 'rpawinet.dll' with a malicious version. The malicious DLL exports functions that trigger a call to 'WinExec' to launch 'calc.exe' when loaded by PowerPoint.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Office PowerPoint 2007 SP2 (12.0.6535.5002)
No auth needed
Prerequisites: Victim must open a PowerPoint file (e.g., .ppt, .pptx) in a directory where the malicious 'rpawinet.dll' is placed
devstral-2 · analyzed Feb 18, 2026
exploitdb WORKING POC
by TheLeader · c · local · windows
https://www.exploit-db.com/exploits/14723

This exploit leverages DLL hijacking in Microsoft PowerPoint 2010 by replacing the legitimate pptimpconv.dll with a malicious version. When a user opens a PowerPoint file with specific extensions, the malicious DLL executes arbitrary code (e.g., launching calc.exe).

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft PowerPoint 2010 (14.0.4760.1000)
No auth needed
Prerequisites: Malicious DLL renamed to pptimpconv.dll · PowerPoint file with vulnerable extension in the same directory
devstral-2 · analyzed Feb 18, 2026

References (2)

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14782/

Scores

EPSS 0.1631
EPSS Percentile 96.5%

Details

Status published
Products (1)
microsoft/powerpoint 2007
Published Aug 27, 2010
Tracked Since Feb 18, 2026