EIP-2026-118895

PRE-CVE

Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Heap Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118895. PoCs published by flashsky fangxing.

AI-analyzed exploit summary This is a technical writeup describing a heap-based buffer overflow vulnerability in Microsoft Windows' winhlp32.exe when processing malformed .hlp files. The vulnerability allows remote code execution in the context of the user opening the malicious file.

Description

Microsoft Windows XP/2000/2003 - 'winhlp32' Phrase Heap Overflow

Exploits (1)

exploitdb WRITEUP VERIFIED

by flashsky fangxing · textremotewindows

https://www.exploit-db.com/exploits/25050

View Code ZIP pw:eip

This is a technical writeup describing a heap-based buffer overflow vulnerability in Microsoft Windows' winhlp32.exe when processing malformed .hlp files. The vulnerability allows remote code execution in the context of the user opening the malicious file.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Windows (winhlp32.exe)

No auth needed

Prerequisites: Malformed .hlp file · User interaction to open the file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026