EIP-2026-115731

PRE-CVE

Microsoft Internet Explorer 9 - IEFRAME CMarkupPointer::MoveToGap Use-After-Free

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115731. PoCs published by Skylined.

AI-analyzed exploit summary This exploit demonstrates a use-after-free vulnerability in Microsoft Internet Explorer 9's handling of CDATASection objects in SVG. The PoC triggers the bug by manipulating the splitText method, leading to potential memory corruption.

Description

Microsoft Internet Explorer 9 - IEFRAME CMarkupPointer::MoveToGap Use-After-Free

Exploits (1)

exploitdb WORKING POC

by Skylined · doswindows

https://www.exploit-db.com/exploits/40933

View Code ZIP pw:eip

This exploit demonstrates a use-after-free vulnerability in Microsoft Internet Explorer 9's handling of CDATASection objects in SVG. The PoC triggers the bug by manipulating the splitText method, leading to potential memory corruption.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Internet Explorer 9

No auth needed

Prerequisites: Target must open a specially crafted SVG file in Internet Explorer 9 · JavaScript must be enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026

EIP-2026-115731

Microsoft Internet Explorer 9 - IEFRAME CMarkup­Pointer::Move­To­Gap Use-After-Free

Exploitation Summary

Description

Exploits (1)

Details

Microsoft Internet Explorer 9 - IEFRAME CMarkupPointer::MoveToGap Use-After-Free