CVE-2023-54329
Remote Command Execution via Stack Overflow in Inbit Messenger

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.
Meta Information
Published: 2026-01-13
Last Modified: 2026-01-13
Generated: 2026-05-07
AI Q&A: 2026-01-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: inbit
Product: messenger
Version / Range: from 4.6.0 (inclusive) to 4.9.0 (inclusive)
CWE
CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2023-54329 is a critical remote command execution vulnerability in Inbit Messenger versions 4.6.0 through 4.9.0. It arises from a stack-based buffer overflow in the messenger's protocol, which can be triggered by sending specially crafted XML packets to port 10883. This overflow allows unauthenticated attackers to execute arbitrary system-level commands with system privileges by overwriting function pointers, specifically targeting the Windows API function WinExec. No authentication or user interaction is required to exploit this flaw. [2, 3]


How can this vulnerability impact me?

This vulnerability allows attackers to remotely execute arbitrary commands on the affected system without any authentication, potentially leading to full system compromise. Attackers can gain system-level privileges, which can result in unauthorized access, data theft, system disruption, installation of malware, or further network penetration. The high severity and ease of exploitation make it a critical security risk for any organization using vulnerable versions of Inbit Messenger. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring network traffic for specially crafted XML packets sent to port 10883, which is the default port used by Inbit Messenger vulnerable versions. One approach is to capture and analyze packets targeting port 10883 for suspicious XML payloads that could trigger the stack overflow. Additionally, the exploit script described in Resource 3 connects to the target on port 10883 and sends a packet to retrieve the client build number from the server's response XML, which can help identify vulnerable versions. While no specific detection commands are provided, using network tools like tcpdump or Wireshark to filter traffic on port 10883 and inspecting XML packets could help detect exploitation attempts. For example, a command to capture traffic on port 10883 could be: tcpdump -i <interface> port 10883 -w capture.pcap [3]
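As an added defender-side example (not code from the advisory, VulnCheck, or the Inbit vendor), the following triage heuristic runs over captured packets and flags traffic to port 10883 that is either not well-formed XML or carries an oversized field, the two properties a crafted overflow packet is most likely to show. The sample packets, their element names and the 256-byte field threshold are assumptions; the advisory does not document the protocol's real schema.

```python
# Added example: triage heuristic for captured Inbit Messenger traffic.
# The advisory only states that crafted XML packets to port 10883 trigger a
# stack-based overflow, so the XML is parsed generically and the length
# threshold below is an assumed sane bound, not a value from the advisory.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional, Tuple

INBIT_PORT = 10883      # default port named in the advisory
MAX_FIELD_LEN = 256     # assumption: no legitimate field should exceed this


@dataclass
class Packet:
    dst_port: int
    payload: bytes


def longest_field(root: ET.Element) -> int:
    """Length of the longest text, tail or attribute value in the XML tree."""
    longest = 0
    for el in root.iter():
        for value in [el.text or "", el.tail or "", *el.attrib.values()]:
            longest = max(longest, len(value))
    return longest


def triage(pkt: Packet) -> Optional[str]:
    """Return a reason if the packet looks suspicious, otherwise None."""
    if pkt.dst_port != INBIT_PORT:
        return None
    try:
        root = ET.fromstring(pkt.payload)
    except ET.ParseError:
        # The protocol is XML based, so a non-XML payload to this port
        # deviates from expected traffic and deserves a closer look.
        return "non-XML or malformed payload to messenger port"
    if longest_field(root) > MAX_FIELD_LEN:
        return f"XML field longer than {MAX_FIELD_LEN} bytes (possible overflow attempt)"
    return None


def scan(packets: List[Packet]) -> List[Tuple[int, str]]:
    """Index and reason for every packet flagged by triage()."""
    return [(i, r) for i, p in enumerate(packets) if (r := triage(p))]


# Constructed sample traffic; element names are invented for illustration.
SAMPLE = [
    Packet(10883, b"<msg><user>alice</user><text>hello</text></msg>"),
    Packet(443, b"A" * 2000),
    Packet(10883, b"<msg><user>" + b"A" * 1500 + b"</user></msg>"),
    Packet(10883, b"not xml at all"),
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE):
        print(f"packet {idx}: {reason}")
```

Feeding real captures (e.g. payloads extracted from the tcpdump file above) into `scan()` turns it into a quick post-capture filter; packet 1 is ignored because it is not on the messenger port even though it is oversized.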


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting or blocking network access to port 10883 on systems running vulnerable versions (4.6.0 through 4.9.0) of Inbit Messenger to prevent attackers from sending malicious XML packets. Since the vulnerability allows unauthenticated remote command execution, isolating the affected systems from untrusted networks is critical. Additionally, upgrading Inbit Messenger to a version that is not affected by this vulnerability (if available) or applying any vendor-provided patches should be prioritized. If patches are not available, disabling or uninstalling the vulnerable software until a fix is applied is recommended. [2, 3]

