EIP-2026-118948

PRE-CVE

NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118948. PoCs published by Stack.

AI-analyzed exploit summary This exploit targets an insecure method in NCTVideoStudio ActiveX DLLs (Version 1.6) to create arbitrary files on the system. The PoC uses the 'CreateFile' method via an ActiveX object to write a file to 'c:\system_.ini' when a button is clicked.

Description

NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · htmlremotewindows

https://www.exploit-db.com/exploits/7871

View Code ZIP pw:eip

This exploit targets an insecure method in NCTVideoStudio ActiveX DLLs (Version 1.6) to create arbitrary files on the system. The PoC uses the 'CreateFile' method via an ActiveX object to write a file to 'c:\system_.ini' when a button is clicked.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: NCTVideoStudio ActiveX DLLs Version 1.6

No auth needed

Prerequisites: Victim must have NCTVideoStudio ActiveX DLLs Version 1.6 installed · Victim must visit the malicious HTML page

MITRE ATT&CK

T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026