EIP-2026-118822

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118822. PoCs published by Jelmer.

AI-analyzed exploit summary This exploit leverages the ADODB.Stream ActiveX object in Internet Explorer to write arbitrary files to the victim's filesystem when executed in a relaxed security zone (e.g., Local Zone). It demonstrates file overwrite capabilities, such as replacing wmplayer.exe, by fetching a remote payload and saving it locally.

Description

Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jelmer · textremotewindows

https://www.exploit-db.com/exploits/24187

View Code ZIP pw:eip

This exploit leverages the ADODB.Stream ActiveX object in Internet Explorer to write arbitrary files to the victim's filesystem when executed in a relaxed security zone (e.g., Local Zone). It demonstrates file overwrite capabilities, such as replacing wmplayer.exe, by fetching a remote payload and saving it locally.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by relaxed Local Zone security restrictions)

No auth needed

Prerequisites: Victim must execute the script in a relaxed security zone (e.g., Local Zone or Intranet Zone) · Attacker must host a malicious payload on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation

Exploitation Summary

Description

Exploits (1)

Details