EIP-2026-116219

PRE-CVE

SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116219. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in SAS Integration Technologies Client 9.31_M1 via the 'RetrieveBinaryFile' function in SASspk.dll. The PoC uses an ActiveX control to trigger the overflow with a long string, potentially leading to arbitrary code execution.

Description

SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textdoswindows

https://www.exploit-db.com/exploits/25714

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in SAS Integration Technologies Client 9.31_M1 via the 'RetrieveBinaryFile' function in SASspk.dll. The PoC uses an ActiveX control to trigger the overflow with a long string, potentially leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SAS Integration Technologies Client 9.31_M1 (SASspk.dll)

No auth needed

Prerequisites: Victim must open the HTML file in a browser with ActiveX enabled · SAS Integration Technologies Client 9.31_M1 installed

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026