EIP-2026-115019

PRE-CVE

CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115019. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit leverages an unsafe ActiveX control in CA Internet Security Suite 2008 (UmxEventCli.dll) to overwrite arbitrary files via the SaveToFile() method. The PoC demonstrates file corruption by targeting boot.ini through directory traversal.

Description

CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmldoswindows

https://www.exploit-db.com/exploits/31856

View Code ZIP pw:eip

This exploit leverages an unsafe ActiveX control in CA Internet Security Suite 2008 (UmxEventCli.dll) to overwrite arbitrary files via the SaveToFile() method. The PoC demonstrates file corruption by targeting boot.ini through directory traversal.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: CA Internet Security Suite 2008

No auth needed

Prerequisites: Victim must open the malicious HTML file in a browser with ActiveX enabled

MITRE ATT&CK

T1221 - Template Injection T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026