cbcvebase.
CVE-2022-28381
published 2022-04-03

CVE-2022-28381: Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port…

PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
68.73%
99.3th percentile
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.

Affected

1 ranges
VendorProductVersion rangeFixed in
allmediaserverallmediaserver

Detection & IOCsextracted from sources · hover to see the quote

portTCP/888
processMediaserver.exe
versionALLMediaServer 1.6
  • Exploit triggers a SEH (Structured Exception Handler) overwrite via an oversized HTTP request to TCP port 888; monitor for abnormally large HTTP requests directed at port 888 on Windows hosts running ALLMediaServer.
  • Exploitation is limited to x86 or WoW64 process targets; detection should focus on 32-bit Mediaserver.exe processes or WoW64-hosted instances on 64-bit Windows systems.
  • A public Metasploit module exists for this CVE (cve_2022_28381_allmediaserver_bof.rb); alert on exploitation attempts matching the module's payload delivery pattern to TCP/888.
  • ·The overflow is triggered by a long string in an HTTP request; the exact length threshold for the buffer overflow is not specified in the available sources, which may affect tuning of length-based detection rules.
  • ·The Metasploit exploit only supports x86 and WoW64 targets; detections or mitigations assuming 64-bit native processes will not apply to this attack vector.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.