QwikSec

Security Database

CVE

CWE

Training

CVE-2010-20112

Published: Aug 21, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and affects legacy Windows deployments

Vendor	Product	Versions
Amlib	Amlibweb Library Management System	affected `*`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/amlibweb_webquerydll_app.rb

exploit

https://www.exploit-db.com/exploits/16793

exploit

https://www.fortiguard.com/encyclopedia/ips/24002

third-party-advisory

https://advisories.checkpoint.com/defense/advisories/public/2013/cpai-2013-1344.html

third-party-advisory

https://www.amlib.co.uk/product/product.aspx?menuId=top_products

product

https://www.vulncheck.com/advisories/amlibweb-netopacs-stack-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.