EIP-2026-117502

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117502. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates an XXE (XML External Entity) vulnerability in Microsoft Windows MSINFO32.exe, allowing remote attackers to exfiltrate files from the victim's system by crafting a malicious .nfo file. The PoC includes a DTD file and a malicious .nfo file that, when opened, sends the contents of a target file to an attacker-controlled server.

Description

Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/40864

View Code ZIP pw:eip

This exploit demonstrates an XXE (XML External Entity) vulnerability in Microsoft Windows MSINFO32.exe, allowing remote attackers to exfiltrate files from the victim's system by crafting a malicious .nfo file. The PoC includes a DTD file and a malicious .nfo file that, when opened, sends the contents of a target file to an attacker-controlled server.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows MSINFO32.exe v6.1.7601

No auth needed

Prerequisites: Attacker-controlled server to host payload.dtd · Victim must open the malicious .nfo file

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection

Exploitation Summary

Description

Exploits (1)

Details