CVE-2022-24644

HIGH

ZZ Inc. KeyMouse <=3.08 - Unauthenticated Update Code Execution

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-24644. PoCs published by gar-re, ThanhThuy2908.

AI-analyzed exploit summary This PoC exploits an unauthenticated remote code execution vulnerability in ZZ Inc. KeyMouse 3.08 by spoofing the update server and serving a malicious executable. The exploit involves DNS spoofing and a simple HTTP server to deliver the payload.

Description

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

Exploits (2)

nomisec WORKING POC 1 stars

by gar-re · poc

https://github.com/gar-re/cve-2022-24644

View Code ZIP pw:eip

This PoC exploits an unauthenticated remote code execution vulnerability in ZZ Inc. KeyMouse 3.08 by spoofing the update server and serving a malicious executable. The exploit involves DNS spoofing and a simple HTTP server to deliver the payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZZ Inc. KeyMouse 3.08 (Windows)

No auth needed

Prerequisites: DNS spoofing capability · Target must initiate an update check

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by ThanhThuy2908 · poc

https://github.com/ThanhThuy2908/ATHDH_CVE_2022_24644

View Code ZIP pw:eip

This repository contains a PoC for CVE-2022-24644, an unauthenticated remote code execution vulnerability in ZZ Inc. KeyMouse 3.08. The exploit involves a malicious update server that serves a fake version file and a payload (proof.exe) to achieve RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZZ Inc. KeyMouse 3.08

No auth needed

Prerequisites: Network access to the target · Target must be running KeyMouse 3.08 · Target must attempt to check for updates

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product, Vendor Advisory x_refsource_misc

http://keymouse.com

Exploit, Third Party Advisory x_refsource_misc

https://github.com/gerr-re/cve-2022-24644/blob/main/cve-2022-24644_public-advisory.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0217

EPSS Percentile 79.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (3)

zzinc/keymouse_firmware 2.02

zzinc/keymouse_firmware 3.05

zzinc/keymouse_firmware 3.08

Published Mar 10, 2022

Tracked Since Feb 18, 2026