EIP-2026-118880

PRE-CVE

Microsoft Windows Media Player 11 - ScriptCommand Multiple Information Disclosure Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118880. PoCs published by Rosario Valotta.

AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in Microsoft Windows Media Player by using a crafted ASX file to access local or remote files. The PoC demonstrates how an attacker can retrieve sensitive information or discover hosts via file URIs.

Description

Microsoft Windows Media Player 11 - ScriptCommand Multiple Information Disclosure Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rosario Valotta · textremotewindows

https://www.exploit-db.com/exploits/33035

View Code ZIP pw:eip

This exploit leverages an information disclosure vulnerability in Microsoft Windows Media Player by using a crafted ASX file to access local or remote files. The PoC demonstrates how an attacker can retrieve sensitive information or discover hosts via file URIs.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows Media Player

No auth needed

Prerequisites: Victim must open a malicious ASX file in Windows Media Player

MITRE ATT&CK

T1083 - File and Directory Discovery T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026