CVE-2012-0267

ntr_activex_control < 1.1.8 - Remote Code Execution via StopModule lModule Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0267. PoCs published by Metasploit, Carsten Eiram, juan vazquez, including Metasploit module exploits/windows/browser/ntr_activex_stopmodule.

AI-analyzed exploit summary: This Metasploit module exploits a memory dereference vulnerability in the NTR ActiveX Control's StopModule() method, allowing remote code execution via a malicious web page targeting Internet Explorer 6 or 7.

Description

The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/21839

This Metasploit module exploits a memory dereference vulnerability in the NTR ActiveX Control's StopModule() method, allowing remote code execution via a malicious web page targeting Internet Explorer 6 or 7.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NTR ActiveX Control 1.1.8.0
No auth needed
Prerequisites: Victim must visit a malicious web page using Internet Explorer 6 or 7 · NTR ActiveX Control must be installed
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by Carsten Eiram, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ntr_activex_stopmodule.rb

This Metasploit module exploits a memory corruption vulnerability in the NTR ActiveX Control (CVE-2012-0267) by manipulating the `StopModule()` method to dereference a controlled pointer, leading to arbitrary code execution. The exploit uses heap spraying and JavaScript obfuscation to achieve reliability across multiple IE versions.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NTR ActiveX Control 1.1.8.0
No auth needed
Prerequisites: Victim must visit a malicious web page using Internet Explorer 6 or 7 on Windows XP SP3 or Vista
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45166
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/21839
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72295
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2012-2/

Scores

EPSS 0.7328
EPSS Percentile 98.8%

Details

CWE CWE-20
Status published
Products (1)
ntrglobal/ntr_activex_control < 1.1.8
Published Jan 15, 2012
Tracked Since Feb 18, 2026