EIP-2026-116798

PRE-CVE

AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116798. PoCs published by Metasploit.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in AOL 9.5's Phobos.Playlist ActiveX control via the Import() method. It generates an HTML file with malicious JavaScript to trigger the vulnerability and execute arbitrary code.

Description

AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16651

This is a Metasploit module exploiting a stack-based buffer overflow in AOL 9.5's Phobos.Playlist ActiveX control via the Import() method. It generates an HTML file with malicious JavaScript to trigger the vulnerability and execute arbitrary code.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: AOL 9.5 (Phobos.dll 9.5.0.1)
No auth needed
Prerequisites: Victim must open the generated HTML file locally · AOL 9.5 with vulnerable Phobos.dll installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026