EIP-2026-116477

PRE-CVE

VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116477. PoCs published by d3b4g.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in VbsEdit 5.9.3 by generating a malformed .smi file with an excessively long string of 'A' characters. The overflow is triggered when the file is opened in VbsEdit, potentially leading to arbitrary code execution.

Description

VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by d3b4g · textdoswindows

https://www.exploit-db.com/exploits/27010

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in VbsEdit 5.9.3 by generating a malformed .smi file with an excessively long string of 'A' characters. The overflow is triggered when the file is opened in VbsEdit, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VbsEdit 5.9.3

No auth needed

Prerequisites: VbsEdit 5.9.3 installed on the target system · Ability to deliver the malicious .smi file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026