CVE-2008-6898

SaschArt SasCam Webcam Server 2.6.5 - Buffer Overflow via XHTTP Module Get Method

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-6898. PoCs published by Metasploit, blake, callAX, including Metasploit module exploits/windows/fileformat/sascam_get.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in the SasCam Webcam Server ActiveX control via the Get() method. It generates an HTML file with malicious JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Description

Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16641

This Metasploit module exploits a buffer overflow in the SasCam Webcam Server ActiveX control via the Get() method. It generates an HTML file with malicious JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SasCam Webcam Server v2.6.5
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable browser with the ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by blake · html · remote · windows
https://www.exploit-db.com/exploits/14195

This exploit targets a vulnerability in an ActiveX control (CLSID: 0297D24A-F425-47EE-9F3B-A459BCE593E3) via a buffer overflow, leveraging SEH overwrite to execute shellcode. The payload is a bind shell on port 4444, tested on Windows XP SP3 with IE7.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown ActiveX control (CLSID: 0297D24A-F425-47EE-9F3B-A459BCE593E3)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by callAX · html · remote · windows
https://www.exploit-db.com/exploits/7617

This exploit targets a buffer overflow vulnerability in SasCam WebCam Server 2.6.5's XHTTP Module v4.1.0.0. It uses a VBScript payload to trigger a stack-based overflow via an ActiveX control, executing shellcode that opens a reverse shell on port 4444.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SasCam WebCam Server Version 2.6.5 Belus Technology Inc. XHTTP Module v4.1.0.0
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · ActiveX control must be enabled
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC LOW
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/sascam_get.rb

This Metasploit module exploits a buffer overflow in the SasCam Webcam Server ActiveX control via the Get() method. It generates an HTML file with malicious JavaScript to trigger the overflow and execute arbitrary shellcode on Windows XP SP3 with IE 7.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SasCam Webcam Server v.2.6.5
No auth needed
Prerequisites: Victim must open the malicious HTML file in Internet Explorer 7 · ActiveX control must be installed and not marked safe for scripting
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47654
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33053
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14195
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7617

Scores

EPSS 0.3174
EPSS Percentile 98.1%

Details

CWE: CWE-119
Status: published
Products (1): saschart/sascam_webcam_server 2.6.5
Published: Aug 05, 2009
Tracked Since: Feb 18, 2026