CVE-2022-28381

CRITICAL

ALLMediaServer <1.6 - Buffer Overflow

Title source: llm

Description

Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.

Exploits (2)

nomisec WORKING POC

by DShankle · poc

https://github.com/DShankle/CVE-2022-28381_PoC

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Hejap Zairy Al-Sharif · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/cve_2022_28381_allmediaserver_bof.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166573/ALLMediaServer-1.6-Buffer-Overflow.html

[Exploit, Third Party Advisory] https://github.com/Matrix07ksa/ALLMediaServer-1.6-Buffer-Overflow

Scores

CVSS v3 9.8

EPSS 0.7934

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

allmediaserver/allmediaserver 1.6

Published Apr 03, 2022

Tracked Since Feb 18, 2026