EIP-2026-104526

PRE-CVE

Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104526. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit leverages a denial-of-service vulnerability in the Novell Client ActiveX control by instantiating the vulnerable object via its CLSID in an HTML page. The exploit crashes applications using the ActiveX control, such as Internet Explorer.

Description

Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (2)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · htmldosnovell

https://www.exploit-db.com/exploits/33184

View Code ZIP pw:eip

This exploit leverages a denial-of-service vulnerability in the Novell Client ActiveX control by instantiating the vulnerable object via its CLSID in an HTML page. The exploit crashes applications using the ActiveX control, such as Internet Explorer.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Novell Client 4.91.5.1

No auth needed

Prerequisites: Victim must visit a malicious webpage or open the HTML file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026