EIP-2026-118855

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118855. PoCs published by Ahmed Obied.

AI-analyzed exploit summary This exploit targets a vulnerability in OWC10/OWC11 ActiveX controls via heap spraying and memory corruption to achieve remote code execution. It serves a malicious HTML page that triggers the vulnerability in Internet Explorer, leading to arbitrary code execution (e.g., launching calc.exe).

Description

Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ahmed Obied · pythonremotewindows

https://www.exploit-db.com/exploits/9224

View Code ZIP pw:eip

This exploit targets a vulnerability in OWC10/OWC11 ActiveX controls via heap spraying and memory corruption to achieve remote code execution. It serves a malicious HTML page that triggers the vulnerability in Internet Explorer, leading to arbitrary code execution (e.g., launching calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office Web Components (OWC10/OWC11) in Internet Explorer 7.0.5730.13 on Windows XP SP3

No auth needed

Prerequisites: Victim must visit the malicious URL · OWC10.dll or OWC11.dll must be installed · Internet Explorer 7.0.5730.13 on Windows XP SP3

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow

Exploitation Summary

Description

Exploits (1)

Details