EIP-2026-118961

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118961. PoCs published by wsn1983.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in the Newv SmartClient ActiveX control, including arbitrary command execution via the RunCommand method and a stack-based buffer overflow in the WriteTextFile function. The provided PoC code shows how an attacker can execute arbitrary commands (e.g., calc.exe) or trigger a buffer overflow leading to potential code execution.

Description

Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by wsn1983 · htmlremotewindows

https://www.exploit-db.com/exploits/35190

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in the Newv SmartClient ActiveX control, including arbitrary command execution via the RunCommand method and a stack-based buffer overflow in the WriteTextFile function. The provided PoC code shows how an attacker can execute arbitrary commands (e.g., calc.exe) or trigger a buffer overflow leading to potential code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Newv SmartClient ActiveX (NewvCommon.ocx) 1.1.0.0

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled in the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details