EIP-2026-117727

PRE-CVE

Oracle - 'HtmlConverter.exe' Local Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117727. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Oracle's Java SE 6 U24 HtmlConverter.exe, allowing arbitrary code execution via a crafted payload. The PoC uses a JMP ESP instruction from kernel32.dll to redirect execution to a calc.exe-popping shellcode.

Description

Oracle - 'HtmlConverter.exe' Local Buffer Overflow

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/39284

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Oracle's Java SE 6 U24 HtmlConverter.exe, allowing arbitrary code execution via a crafted payload. The PoC uses a JMP ESP instruction from kernel32.dll to redirect execution to a calc.exe-popping shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle Java Platform SE 6 U24 HtmlConverter.exe (6.0.240.50)

No auth needed

Prerequisites: Local access to the target system · Presence of vulnerable Oracle Java SE 6 U24 HtmlConverter.exe

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026