EIP-2026-117012

PRE-CVE

CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117012. PoCs published by Mike Czumak.

AI-analyzed exploit summary This exploit targets a Unicode SEH-based buffer overflow in CyberLink Power2Go 9.0.1002.0 by manipulating the 'UserName' registry key. It uses a crafted .reg file to trigger the vulnerability when the 'About' screen is opened, leading to arbitrary code execution (calc.exe payload).

Description

CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)

Exploits (1)

exploitdb WORKING POC

by Mike Czumak · perllocalwindows

https://www.exploit-db.com/exploits/33426

View Code ZIP pw:eip

This exploit targets a Unicode SEH-based buffer overflow in CyberLink Power2Go 9.0.1002.0 by manipulating the 'UserName' registry key. It uses a crafted .reg file to trigger the vulnerability when the 'About' screen is opened, leading to arbitrary code execution (calc.exe payload).

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CyberLink Power2Go 9 Essential 9.0.1002.0

No auth needed

Prerequisites: Ability to modify registry keys on the target system · Victim must open the 'About' screen in Power2Go

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026