EIP-2026-117835

PRE-CVE

Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117835. PoCs published by Eduardo Braun Prado.

AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in Real Player's 'external::Import()' method to achieve remote code execution by planting arbitrary files (e.g., 'shdoclc.dll' and 'write.exe') in sensitive locations such as the 'startup' folder. The attack requires hosting malicious files on an SMB or WebDAV share and exploits unsafe file type handling and path sanitization.

Exploits (1)

exploitdb · WORKING POC
by Eduardo Braun Prado · text · local · windows
https://www.exploit-db.com/exploits/50954

Classification
Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Real Player (versions 16.00.282, 16.0.3.51, Cloud 17.0.9.17, v.20.0.7.309)
No auth needed
Prerequisites: Hosting malicious files on an SMB or WebDAV share · User interaction to trigger the 'Import()' method
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026