EIP-2026-116408

PRE-CVE

threedify designer 5.0.2 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116408. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates multiple buffer overflow vulnerabilities in the ThreeDify Designer ActiveX control (ActiveSolid.dll). It includes PoC code for insecure methods like cmdSave, cmdExport, cmdImport, and cmdOpen, which can be exploited to execute arbitrary code or overwrite files.

Description

threedify designer 5.0.2 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by High-Tech Bridge SA · textdoswindows

https://www.exploit-db.com/exploits/17620

View Code ZIP pw:eip

The exploit demonstrates multiple buffer overflow vulnerabilities in the ThreeDify Designer ActiveX control (ActiveSolid.dll). It includes PoC code for insecure methods like cmdSave, cmdExport, cmdImport, and cmdOpen, which can be exploited to execute arbitrary code or overwrite files.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ThreeDify Designer 5.0.2 and prior

No auth needed

Prerequisites: Victim must have the vulnerable ActiveX control installed and enabled in a browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026