CVE-2010-4742

Moxa ActiveX SDK <2.2.0.5 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4742. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/fileformat/moxa_mediadbplayback.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in MOXA MediaDBPlayback ActiveX Control (CVE-2010-4742) by sending an overly long string to the PlayFileName() method, allowing arbitrary code execution.

Description

Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16685

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in MOXA MediaDBPlayback ActiveX Control (CVE-2010-4742) by sending an overly long string to the PlayFileName() method, allowing arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MOXA_ActiveX_SDK MediaDBPlayback.DLL 2.2.0.5

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable browser with the ActiveX control installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in MOXA MediaDBPlayback ActiveX Control (2.2.0.5) via an overly long string passed to the PlayFileName() method, allowing arbitrary code execution. The exploit uses JavaScript to trigger the vulnerability in Internet Explorer.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MOXA MediaDBPlayback ActiveX Control 2.2.0.5

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/68986

Exploit x_refsource_misc

http://www.metasploit.com/modules/exploit/windows/fileformat/moxa_mediadbplayback

Exploit x_refsource_misc

http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1

Scores

EPSS 0.5637

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (1)

moxa/activex_sdk

Published Feb 18, 2011

Tracked Since Feb 18, 2026