EIP-2026-119326

PRE-CVE

Yahoo! Webcam ActiveX Control 2.0.0.107 - Buffer Overrun

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119326. PoCs published by cesaro.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in the Yahoo! Webcam ActiveX control by setting an overly long string to the 'TargetName' property, which can lead to arbitrary code execution in the context of the victim's browser.

Description

Yahoo! Webcam ActiveX Control 2.0.0.107 - Buffer Overrun

Exploits (1)

exploitdb WORKING POC VERIFIED

by cesaro · textremotewindows

https://www.exploit-db.com/exploits/23152

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in the Yahoo! Webcam ActiveX control by setting an overly long string to the 'TargetName' property, which can lead to arbitrary code execution in the context of the victim's browser.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Yahoo! Webcam ActiveX control (CLSID: E504EE6E-47C6-11D5-B8AB-00D0B78F3D48)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX controls must be enabled in the victim's browser

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026