Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-3365.
PoCs published by h00die, 0RPHON, H4rk3nz0, including Metasploit module exploits/windows/misc/remote_mouse_rce.
AI-analyzed exploit summary This Metasploit module exploits CVE-2022-3365 in Remote Mouse Server by Emote Interactive (versions < 4.200) to achieve remote code execution. It leverages the protocol's key simulation feature to open a command prompt and execute a payload via certutil.exe.
Description
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.
Exploits (1)
This Metasploit module exploits CVE-2022-3365 in Remote Mouse Server by Emote Interactive (versions < 4.200) to achieve remote code execution. It leverages the protocol's key simulation feature to open a command prompt and execute a payload via certutil.exe.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H