EIP-2026-118270

PRE-CVE

AOL Radio AmpX - ActiveX Control 'ConvertFile()' Remote Buffer Overflow (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118270. PoCs published by Metasploit.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in AOL Radio AmpX ActiveX Control (AmpX.dll) via an overly long value passed to the ConvertFile() method. It achieves remote code execution by overwriting the return address and executing shellcode.

Description

AOL Radio AmpX - ActiveX Control 'ConvertFile()' Remote Buffer Overflow (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16591

View Code ZIP pw:eip

This is a Metasploit module exploiting a stack-based buffer overflow in AOL Radio AmpX ActiveX Control (AmpX.dll) via an overly long value passed to the ConvertFile() method. It achieves remote code execution by overwriting the return address and executing shellcode.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AOL IWinAmpActiveX class (AmpX.dll) version 2.4.0.6

No auth needed

Prerequisites: Target must have AOL Radio AmpX ActiveX Control installed · Target must visit a malicious webpage hosting the exploit

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026