EIP-2026-118625

PRE-CVE

Grokster 1.3/2.6 / KaZaA Media Desktop 1.3.x/1.6.1/2.0.x - ActiveX Control Remote Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118625. PoCs published by celebrityhacker.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Altnet Download Manager ActiveX control (ADM.ADM.1). The PoC constructs a long string of 'a's followed by 'x's to trigger the overflow in the 'IsValidFile' method, potentially leading to arbitrary code execution.

Description

Grokster 1.3/2.6 / KaZaA Media Desktop 1.3.x/1.6.1/2.0.x - ActiveX Control Remote Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by celebrityhacker · htmlremotewindows

https://www.exploit-db.com/exploits/24568

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Altnet Download Manager ActiveX control (ADM.ADM.1). The PoC constructs a long string of 'a's followed by 'x's to trigger the overflow in the 'IsValidFile' method, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Altnet Download Manager (installed with Kazaa and Grokster)

No auth needed

Prerequisites: Victim must have Altnet Download Manager installed · ActiveX controls must be enabled in the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026