CVE-2008-2551

EXPLOITED

Icona Instant Messenger 1.0.0.1 - Remote Code Execution via DownloaderActiveX Control


Exploitation Summary

CVE-2008-2551 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits, credited to Metasploit, Nine:Situations:Group, Unknown and juan vazquez; one of them is the Metasploit module exploits/windows/browser/c6_messenger_downloaderactivex.

AI-analyzed exploit summary: This Metasploit module exploits a vulnerability in Icona SpA C6 Messenger's DownloaderActiveX control to download and execute arbitrary files. It leverages an insecure ActiveX control to achieve remote code execution in the context of the logged-on user.

Description

The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run".

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/18449

This Metasploit module exploits a vulnerability in Icona SpA C6 Messenger's DownloaderActiveX control to download and execute arbitrary files. It leverages an insecure ActiveX control to achieve remote code execution in the context of the logged-on user.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Icona SpA C6 Messenger 1.0.0.1
No auth needed
Prerequisites: Target must be using Internet Explorer with the vulnerable ActiveX control installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group · html · remote · windows
https://www.exploit-db.com/exploits/5732

This exploit leverages an unsafe ActiveX control in C6 Messenger to remotely download and execute arbitrary files. The vulnerability arises from improper validation of the 'propDownloadUrl' and 'propPostDownloadAction' parameters, allowing remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: C6 Messenger (DownloaderActiveX Control)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · C6 Messenger DownloaderActiveX control must be installed
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Unknown, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb

This Metasploit module exploits a vulnerability in the Icona SpA C6 Messenger DownloaderActiveX control to download and execute arbitrary files. It leverages an insecure ActiveX control to achieve remote code execution by crafting a malicious HTML page that triggers the download and execution of a payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Icona SpA C6 Messenger 1.0.0.1
No auth needed
Prerequisites: Target must be using Internet Explorer with the vulnerable ActiveX control installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1733/references
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3926
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30512
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29519
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493019/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42825
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5732

Scores

EPSS: 0.8510
EPSS Percentile: 99.4%

Details

VulnCheck KEV: 2021-08-17
CWE: CWE-264
Status: published
Products (1): icona/instant_messenger 1.0.0.1
Published: Jun 04, 2008
Tracked Since: Feb 18, 2026