EIP-2026-103547

PRE-CVE

Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103547. PoCs published by J. Abreu Junior.

AI-analyzed exploit summary: This exploit targets a vulnerability in Microsoft's JET database engine, allowing remote command execution via VBA expressions embedded in SQL strings. It leverages the lack of metacharacter filtering in web applications to execute arbitrary commands on the system.

Description

Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by J. Abreu Junior · perl · dos · multiple
https://www.exploit-db.com/exploits/19228


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft JET Database Engine (ODBC API)
No auth needed
Prerequisites: Access to a vulnerable web application using JET ODBC DSN · Network connectivity to the target server
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026