EIP-2026-115224

PRE-CVE

EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115224. PoCs published by Bl@ckbe@rD.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for a buffer overflow vulnerability in the EvansFTP ActiveX control. It demonstrates multiple vulnerable properties (e.g., RemoteAddress, ProxyPrefix) that crash when supplied with overly long strings, with specific crash analysis provided.

Description

EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bl@ckbe@rD · htmldoswindows

https://www.exploit-db.com/exploits/7460

View Code ZIP pw:eip

This is a functional proof-of-concept exploit for a buffer overflow vulnerability in the EvansFTP ActiveX control. It demonstrates multiple vulnerable properties (e.g., RemoteAddress, ProxyPrefix) that crash when supplied with overly long strings, with specific crash analysis provided.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EvansFTP ActiveX Control (EvansFTP.ocx)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · EvansFTP ActiveX control must be installed and enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026