CVE-2006-2022

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-2022. PoCs published by Xpl017Elz, c0d3r.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Fenice OMS server (version 1.10) on Fedora Core 6 with exec-shield. It leverages ROP (Return-Oriented Programming) techniques to bypass memory protections and execute arbitrary code, specifically launching xterm with a display argument pointing to an attacker-controlled xhost IP.

Description

Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Xpl017Elz · cremotelinux

https://www.exploit-db.com/exploits/3815

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Fenice OMS server (version 1.10) on Fedora Core 6 with exec-shield. It leverages ROP (Return-Oriented Programming) techniques to bypass memory protections and execute arbitrary code, specifically launching xterm with a display argument pointing to an attacker-controlled xhost IP.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Fenice OMS server 1.10

No auth needed

Prerequisites: Network access to the target server on port 554 (default) · Fenice OMS server 1.10 running on Fedora Core 6 with exec-shield

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by c0d3r · cremotelinux

https://www.exploit-db.com/exploits/1717

View Code ZIP pw:eip

This is a functional exploit for CVE-2006-2022, targeting a buffer overflow vulnerability in Fenice Open Media Streaming Server. It uses a metasploit-derived shellcode to achieve remote code execution via a crafted GET request.