EIP-2026-119663

PRE-CVE

Visual Studio 2008 - XML External Entity Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119663. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates an XML External Entity (XXE) injection vulnerability in Visual Studio 2008 Express IDE. By crafting malicious XML files with specific extensions (e.g., .snippet, .asm), an attacker can exfiltrate local files from the victim's system to a remote server.

Description

Visual Studio 2008 - XML External Entity Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textlocalxml

https://www.exploit-db.com/exploits/47729

View Code ZIP pw:eip

This exploit demonstrates an XML External Entity (XXE) injection vulnerability in Visual Studio 2008 Express IDE. By crafting malicious XML files with specific extensions (e.g., .snippet, .asm), an attacker can exfiltrate local files from the victim's system to a remote server.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Visual Studio 2008 Express IDE

No auth needed

Prerequisites: Victim must open a malicious file with a vulnerable extension in Visual Studio 2008 · Attacker must host a server to receive exfiltrated data

MITRE ATT&CK

T1195.002 - Compromise Software Supply Chain

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026