EIP-2026-117491

PRE-CVE

Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117491. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates an XML External Entity (XXE) vulnerability in Microsoft's GDFMaker v6.3.9600.16384, allowing local file exfiltration via a crafted .GDFMakerProject file. The PoC includes a malicious XML file and DTD to extract the contents of 'msdfmap.ini' and send it to an attacker-controlled server.

Description

Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/43017

View Code ZIP pw:eip

The exploit demonstrates an XML External Entity (XXE) vulnerability in Microsoft's GDFMaker v6.3.9600.16384, allowing local file exfiltration via a crafted .GDFMakerProject file. The PoC includes a malicious XML file and DTD to extract the contents of 'msdfmap.ini' and send it to an attacker-controlled server.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft GDFMaker v6.3.9600.16384

No auth needed

Prerequisites: Victim must open the malicious .GDFMakerProject file via Ctrl+O or File Menu · Attacker must host a server to receive exfiltrated data

MITRE ATT&CK

T1059.002 - AppleScript T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026