EIP-2026-117076

PRE-CVE

Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117076. PoCs published by bzyo.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow in Dup Scout Enterprise 10.5.12 by overwriting the EIP register with a 'push esp; ret' instruction and executing a calc.exe payload via shellcode. The PoC generates a malicious input file that triggers the vulnerability when pasted into the 'User Name' field during server connection.

Description

Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow

Exploits (1)

exploitdb WORKING POC

by bzyo · pythonlocalwindows

https://www.exploit-db.com/exploits/44244

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow in Dup Scout Enterprise 10.5.12 by overwriting the EIP register with a 'push esp; ret' instruction and executing a calc.exe payload via shellcode. The PoC generates a malicious input file that triggers the vulnerability when pasted into the 'User Name' field during server connection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dup Scout Enterprise v10.5.12

No auth needed

Prerequisites: Dup Scout Enterprise 10.5.12 installed on Windows 7 x86 · Ability to paste malicious input into the 'User Name' field

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026