CVE-2023-54329
Unknown Unknown - Not Provided
Remote Command Execution via Stack Overflow in Inbit Messenger

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54329
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
inbit messenger From 4.6.0 (inc) to 4.9.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-54329 is a critical remote command execution vulnerability in Inbit Messenger versions 4.6.0 through 4.9.0. It arises from a stack-based buffer overflow in the messenger's protocol, which can be triggered by sending specially crafted XML packets to port 10883. This overflow allows unauthenticated attackers to execute arbitrary system-level commands with system privileges by overwriting function pointers, specifically targeting the Windows API function WinExec. No authentication or user interaction is required to exploit this flaw. [2, 3]

Impact Analysis

This vulnerability allows attackers to remotely execute arbitrary commands on the affected system without any authentication, potentially leading to full system compromise. Attackers can gain system-level privileges, which can result in unauthorized access, data theft, system disruption, installation of malware, or further network penetration. The high severity and ease of exploitation make it a critical security risk for any organization using vulnerable versions of Inbit Messenger. [2, 3]

Detection Guidance

This vulnerability can be detected by monitoring network traffic for specially crafted XML packets sent to port 10883, which is the default port used by Inbit Messenger vulnerable versions. One approach is to capture and analyze packets targeting port 10883 for suspicious XML payloads that could trigger the stack overflow. Additionally, the exploit script described in Resource 3 connects to the target on port 10883 and sends a packet to retrieve the client build number from the server's response XML, which can help identify vulnerable versions. While no specific detection commands are provided, using network tools like tcpdump or Wireshark to filter traffic on port 10883 and inspecting XML packets could help detect exploitation attempts. For example, a command to capture traffic on port 10883 could be: tcpdump -i <interface> port 10883 -w capture.pcap [3]

Mitigation Strategies

Immediate mitigation steps include restricting or blocking network access to port 10883 on systems running vulnerable versions (4.6.0 through 4.9.0) of Inbit Messenger to prevent attackers from sending malicious XML packets. Since the vulnerability allows unauthenticated remote command execution, isolating the affected systems from untrusted networks is critical. Additionally, upgrading Inbit Messenger to a version that is not affected by this vulnerability (if available) or applying any vendor-provided patches should be prioritized. If patches are not available, disabling or uninstalling the vulnerable software until a fix is applied is recommended. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54329. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart