EIP-2026-117505

PRE-CVE

Microsoft Power Point 2016 - Java Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117505. PoCs published by Fady Mohammed Osman.

AI-analyzed exploit summary This exploit leverages Microsoft PowerPoint's ability to embed and execute arbitrary file types (e.g., JAR files) via object insertion and mouse interaction. The PoC demonstrates code execution by embedding a Java payload in a PPSX file, which triggers when the user moves or clicks the mouse over the object.

Description

Microsoft Power Point 2016 - Java Code Execution

Exploits (1)

exploitdb WORKING POC

by Fady Mohammed Osman · textlocalwindows

https://www.exploit-db.com/exploits/41144

View Code ZIP pw:eip

This exploit leverages Microsoft PowerPoint's ability to embed and execute arbitrary file types (e.g., JAR files) via object insertion and mouse interaction. The PoC demonstrates code execution by embedding a Java payload in a PPSX file, which triggers when the user moves or clicks the mouse over the object.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft PowerPoint 2016 (MSO 16.0.4266.1001) on Windows 7 x64 SP1 (unpatched)

No auth needed

Prerequisites: Unpatched Windows 7 SP1 · Java Runtime Environment (JRE) installed · User interaction (mouse movement/click)

MITRE ATT&CK

T1204 - User Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026