EIP-2026-117571

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117571. PoCs published by Eduardo Braun Prado.

AI-analyzed exploit summary This exploit leverages a security bypass in Microsoft Windows Media Center (WMV/WMA file parsing) to achieve arbitrary code execution by embedding a 'URL' script instruction in a crafted file. It exploits the lack of 'Local Machine Zone Lockdown' in the ehexthost32 plugin, allowing navigation to local files and execution in a privileged context.

Description

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Exploits (1)

exploitdb WORKING POC

by Eduardo Braun Prado · textlocalwindows

https://www.exploit-db.com/exploits/47981

View Code ZIP pw:eip

This exploit leverages a security bypass in Microsoft Windows Media Center (WMV/WMA file parsing) to achieve arbitrary code execution by embedding a 'URL' script instruction in a crafted file. It exploits the lack of 'Local Machine Zone Lockdown' in the ehexthost32 plugin, allowing navigation to local files and execution in a privileged context.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows Media Center 6.3.9600.16384

No auth needed

Prerequisites: Ability to deliver a crafted WMV/WMA file to the target · User interaction to open the file in Windows Media Center

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Exploitation Summary

Description

Exploits (1)

Details