EIP-2026-119010

PRE-CVE

Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119010. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages an unsafe ActiveX control (TList6.ocx) marked as 'safe for scripting' to write arbitrary files via the SaveData() method. The PoC demonstrates RCE by creating an HTA file in the startup folder that executes calc.exe.

Description

Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · textremotewindows

https://www.exploit-db.com/exploits/18062

View Code ZIP pw:eip

This exploit leverages an unsafe ActiveX control (TList6.ocx) marked as 'safe for scripting' to write arbitrary files via the SaveData() method. The PoC demonstrates RCE by creating an HTA file in the startup folder that executes calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Oracle Hyperion Financial Management 11.1.2.1.0 (TList6.ocx ActiveX Control)

No auth needed

Prerequisites: Victim must use Internet Explorer with ActiveX enabled · TList6.ocx must be installed and registered

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026