CVE-2010-20112
Amlibweb NetOpacs webquery.dll Stack Buffer Overflow
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 1.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
03 Aug 2010Metasploit module available
21 Aug 2025Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and affects legacy Windows deployments
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Amlib · Amlibweb Library Management Systempublic PoCs found — 2
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/amlibweb_webquerydll_app.rbunverifiedcve_referencewww.exploit-db.com/exploits/16793unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://advisories.checkpoint.com/defense/advisories/public/2013/cpai-2013-1344.htmlhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/amlibweb_webquerydll_app.rbhttps://www.amlib.co.uk/product/product.aspx?menuId=top_productshttps://www.exploit-db.com/exploits/16793https://www.fortiguard.com/encyclopedia/ips/24002https://www.vulncheck.com/advisories/amlibweb-netopacs-stack-buffer-overflow