CVE-2008-0955

Creative Software AutoUpdate Engine - Stack-based Buffer Overflow via CacheFolder Property

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-0955. PoCs published by Metasploit, BitKrush, MC, including Metasploit module exploits/windows/browser/creative_software_cachefolder.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Creative Software AutoUpdate Engine's ActiveX control (CTSUEng.ocx) via the cachefolder() property. It delivers a malicious HTML page with obfuscated JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Description

Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16539

This exploit targets a stack buffer overflow in Creative Software AutoUpdate Engine's ActiveX control (CTSUEng.ocx) via the cachefolder() property. It delivers a malicious HTML page with obfuscated JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Creative Software AutoUpdate Engine (CTSUEng.ocx)
No auth needed
Prerequisites: Victim must visit a malicious webpage · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by BitKrush · htmlremotewindows
https://www.exploit-db.com/exploits/5681

This is a working proof-of-concept exploit for CVE-2008-0955, targeting a stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control. The exploit uses a long string to overflow the CacheFolder property, leading to SEH overwrite and execution of shellcode that launches calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Creative Software AutoUpdate Engine ActiveX (CLSID: 0A5FD7C5-A45C-49FC-ADB5-9952547D5715)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and not killed via kill-bit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/creative_software_cachefolder.rb

This Metasploit module exploits a stack buffer overflow in Creative Software AutoUpdate Engine via an overly long string to the cachefolder() property of CTSUEng.ocx, allowing arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Creative Software AutoUpdate Engine (CTSUEng.ocx)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed and enabled in Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42673
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/501843
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30403
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29391
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1668
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5681

Scores

EPSS 0.4123
EPSS Percentile 98.5%

Details

CWE
CWE-119
Status published
Products (1)
creative/creative_software_autoupdate_engine
Published May 29, 2008
Tracked Since Feb 18, 2026