EIP-2026-115777

PRE-CVE

Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115777. PoCs published by bitform.

AI-analyzed exploit summary This is a writeup describing a non-exploitable Unicode buffer overflow in cmd.exe's TYPE command when used with an overly long extension for the CON device file. The vulnerability is mitigated by SafeSEH protections in cmd.exe and its DLLs.

Description

Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH)

Exploits (1)

exploitdb WRITEUP VERIFIED

by bitform · textdoswindows

https://www.exploit-db.com/exploits/14282

View Code ZIP pw:eip

This is a writeup describing a non-exploitable Unicode buffer overflow in cmd.exe's TYPE command when used with an overly long extension for the CON device file. The vulnerability is mitigated by SafeSEH protections in cmd.exe and its DLLs.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Windows cmd.exe (Windows Server 2003 SP2, Windows XP SP2)

No auth needed

Prerequisites: Access to a Windows command prompt

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026