EIP-2026-119331

PRE-CVE

Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119331. PoCs published by shinnai.

AI-analyzed exploit summary This exploit demonstrates an insecure method in the Zenturi ProgramChecker ActiveX Control, allowing arbitrary local file execution via the 'NavigateUrl()' method. It includes functional VBScript code to trigger the vulnerability by launching 'notepad.exe' and 'cmd.exe'.

Description

Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4050

View Code ZIP pw:eip

This exploit demonstrates an insecure method in the Zenturi ProgramChecker ActiveX Control, allowing arbitrary local file execution via the 'NavigateUrl()' method. It includes functional VBScript code to trigger the vulnerability by launching 'notepad.exe' and 'cmd.exe'.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Zenturi ProgramChecker ActiveX Control (clsid:59DBDDA6-9A80-42A4-B824-9BC50CC172F5)

No auth needed

Prerequisites: ActiveX control must be installed and enabled in Internet Explorer

MITRE ATT&CK

T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026