EIP-2026-116443

PRE-CVE

UCanCode - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116443. PoCs published by shinnai.

AI-analyzed exploit summary This is a detailed technical analysis of multiple insecure methods in UCanCode ActiveX controls that allow arbitrary file overwrite. The writeup lists vulnerable ProgIDs, CLSIDs, and methods like ExportAsBitmapFile and SaveMemory2.

Description

UCanCode - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by shinnai · textdoswindows

https://www.exploit-db.com/exploits/40820

View Code ZIP pw:eip

This is a detailed technical analysis of multiple insecure methods in UCanCode ActiveX controls that allow arbitrary file overwrite. The writeup lists vulnerable ProgIDs, CLSIDs, and methods like ExportAsBitmapFile and SaveMemory2.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: UCanCode ActiveX controls (multiple versions)

No auth needed

Prerequisites: Victim must have UCanCode ActiveX controls installed · Attacker must deliver a malicious HTML/JS file to trigger the ActiveX methods

MITRE ATT&CK

T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026