CVE-2022-28381

CRITICAL

ALLMediaServer <1.6 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-28381. PoCs published by DShankle, Hejap Zairy Al-Sharif, including Metasploit module exploits/windows/misc/cve_2022_28381_allmediaserver_bof.

AI-analyzed exploit summary This PoC exploits a buffer overflow vulnerability in a network service by sending a crafted payload to trigger a crash or potential code execution. The payload includes a specific memory address and padding to manipulate the stack.

Description

Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.

Exploits (2)

nomisec WORKING POC

by DShankle · poc

https://github.com/DShankle/CVE-2022-28381_PoC

View Code ZIP pw:eip

This PoC exploits a buffer overflow vulnerability in a network service by sending a crafted payload to trigger a crash or potential code execution. The payload includes a specific memory address and padding to manipulate the stack.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Unknown (likely a network service vulnerable to buffer overflow)

No auth needed

Prerequisites: Network access to the target service · Service listening on port 888

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GOOD

by Hejap Zairy Al-Sharif · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/cve_2022_28381_allmediaserver_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in ALLMediaServer 1.6 via a crafted HTTP request, leading to SEH overwrite and remote code execution. It targets x86/WoW64 systems and includes a structured payload with bad character avoidance.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ALLMediaServer 1.6

No auth needed

Prerequisites: Network access to target on port 888 · x86 or WoW64 target architecture

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Matrix07ksa/ALLMediaServer-1.6-Buffer-Overflow

View Exploit ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166573/ALLMediaServer-1.6-Buffer-Overflow.html

Scores

CVSS v3 9.8

EPSS 0.6906

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

allmediaserver/allmediaserver 1.6

Published Apr 03, 2022

Tracked Since Feb 18, 2026