EIP-2026-118766

PRE-CVE

McKesson - ActiveX File/Environmental Variable Enumeration

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118766. PoCs published by blake.

AI-analyzed exploit summary This HTML-based PoC exploits an ActiveX control vulnerability in McKesson Horizon Rad Station to enumerate files and environment variables on the victim's machine. It uses the OpenTextFile and GetEnvironmentVariable methods to confirm file existence and retrieve environment variable values.

Description

McKesson - ActiveX File/Environmental Variable Enumeration

Exploits (1)

exploitdb WORKING POC
by blake · htmlremotewindows
https://www.exploit-db.com/exploits/28376

This HTML-based PoC exploits an ActiveX control vulnerability in McKesson Horizon Rad Station to enumerate files and environment variables on the victim's machine. It uses the OpenTextFile and GetEnvironmentVariable methods to confirm file existence and retrieve environment variable values.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: McKesson Horizon Rad Station 11.0.10.38
No auth needed
Prerequisites: Victim must have McKesson Horizon Rad Station installed · ActiveX control must be enabled in Internet Explorer
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026