CVE-2010-20112

CRITICAL

Amlib's NetOpacs webquery.dll - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-20112. PoCs published by Metasploit, aushack, including Metasploit module exploits/windows/http/amlibweb_webquerydll_app.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Amlibweb's webquery.dll via an overly long 'app' parameter in an IIS request, allowing remote code execution by overwriting SEH. It targets Windows 2000 Pro with a specific return address in ws2help.dll.

Description

Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and affects legacy Windows deployments

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16793

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Amlibweb's webquery.dll via an overly long 'app' parameter in an IIS request, allowing remote code execution by overwriting SEH. It targets Windows 2000 Pro with a specific return address in ws2help.dll.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Amlibweb Library Management System (NetOpacs) webquery.dll

No auth needed

Prerequisites: Target running Amlibweb with vulnerable webquery.dll · Access to TCP port 80

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/amlibweb_webquerydll_app.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Amlibweb's webquery.dll via an overly long 'app' parameter, allowing arbitrary remote code execution by overwriting SEH. It targets Windows 2000 Pro with a specific return address in ws2help.dll.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Amlibweb Library Management System (NetOpacs) webquery.dll

No auth needed

Prerequisites: Network access to the target system · IIS with Amlibweb webquery.dll exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/amlibweb_webquerydll_app.rb

Various Sources third-party-advisory

https://advisories.checkpoint.com/defense/advisories/public/2013/cpai-2013-1344.html

Various Sources product

https://www.amlib.co.uk/product/product.aspx?menuId=top_products

Vendor Advisory third-party-advisory

https://www.fortiguard.com/encyclopedia/ips/24002

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/16793

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/amlibweb-netopacs-stack-buffer-overflow

Scores

CVSS v4 9.3

EPSS 0.0105

EPSS Percentile 59.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

Amlib/Amlibweb Library Management System

Published Aug 21, 2025

Tracked Since Feb 18, 2026