EIP-2026-118359

PRE-CVE

Cisco Linksys PlayerPT - ActiveX Control Buffer Overflow (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118359. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Cisco Linksys PlayerPT ActiveX Control via the SetSource method, leading to remote code execution. It includes heap spraying and ROP chain techniques for different IE versions on Windows XP/Vista.

Description

Cisco Linksys PlayerPT - ActiveX Control Buffer Overflow (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/20112

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Cisco Linksys PlayerPT ActiveX Control via the SetSource method, leading to remote code execution. It includes heap spraying and ROP chain techniques for different IE versions on Windows XP/Vista.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cisco Linksys PlayerPT ActiveX Control 1.0.0.15

No auth needed

Prerequisites: Victim must visit a malicious web page using a vulnerable IE version (6-8) on Windows XP SP3 or Vista SP2

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026