Cyber Posture

CVE-2022-50922

Critical · Public PoC

Published: 13 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote code execution through a carefully constructed input buffer.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Implements memory safeguards such as stack canaries, DEP, and ASLR to directly prevent arbitrary code execution from stack buffer overflows in the registration code processing.

prevent

Requires validation of the specially crafted registration code input to block buffer overflows before memory corruption occurs.

prevent

Mandates identification, reporting, and correction of the buffer overflow flaw through timely patching or replacement of Audio Conversion Wizard v2.01.

Security Summary · AI

CVE-2022-50922 is a buffer overflow vulnerability (CWE-120) affecting Audio Conversion Wizard version 2.01. The issue arises when the application processes a specially crafted registration code, which overwrites the memory stack and allows attackers to execute arbitrary code. This flaw potentially enables remote code execution through a carefully constructed input buffer.

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation has a high impact on confidentiality, integrity, and availability, allowing full compromise of the affected system.

Advisories from VulnCheck and an Exploit-DB entry (exploit 50811) document the buffer overflow details, while the vendor site at litexmedia.com/audio-wizard/ provides information on the software. No patches or specific mitigations are detailed in the referenced sources.

A public proof-of-concept exploit is available on Exploit-DB, highlighting the risk of real-world exploitation.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables remote code execution via a buffer overflow in a network-accessible application without authentication or user interaction, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References