EIP-2026-117564

PRE-CVE

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117564. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit demonstrates a Windows Defender detection bypass for TrojanWin32Powessere.G by leveraging path traversal and comma manipulation in rundll32.exe commands. The PoC shows how to execute arbitrary JavaScript via mshtml despite mitigation attempts.

Description

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Exploits (1)

exploitdb · WORKING POC
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/51960


Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Windows Defender (specific version not specified)
Auth required
Prerequisites: Administrator privileges · rundll32.exe access
devstral-2 · analyzed Feb 19, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026