EIP-2026-116091

PRE-CVE

PowerPoint Viewer OCX 3.1 - Remote File Overwrite

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116091. PoCs published by Stack.

AI-analyzed exploit summary This exploit leverages an unsafe ActiveX control (PowerPoint Viewer OCX v3.1) to write an arbitrary file to the filesystem. The `Save` method is invoked via JavaScript to save a file to `c:\St_.exe`, demonstrating a potential arbitrary file write vulnerability.

Description

PowerPoint Viewer OCX 3.1 - Remote File Overwrite

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · htmldoswindows

https://www.exploit-db.com/exploits/7750

View Code ZIP pw:eip

This exploit leverages an unsafe ActiveX control (PowerPoint Viewer OCX v3.1) to write an arbitrary file to the filesystem. The `Save` method is invoked via JavaScript to save a file to `c:\St_.exe`, demonstrating a potential arbitrary file write vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PowerPoint Viewer OCX v3.1

No auth needed

Prerequisites: Victim must open the HTML file in a browser with ActiveX enabled · PowerPoint Viewer OCX v3.1 must be installed

MITRE ATT&CK

T1218 - System Binary Proxy Execution T1176 - Software Extensions

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026