CVE-2023-54330
Remote Stack-Based Buffer Overflow in Inbit Messenger Enables RCE
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inbit | messenger | From 4.6.0 (inc) to 4.9.0 (inc) |
| inbit | messenger_basic_edition | 4.6.0_build_4601 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote stack-based buffer overflow in Inbit Messenger versions 4.6.0 to 4.9.0 on Windows systems. An unauthenticated attacker can send specially crafted malformed network packets to the messenger's network handler, causing an overflow that overwrites the Structured Exception Handler (SEH). This allows the attacker to execute arbitrary code remotely without any authentication or user interaction. [1, 4]
How can this vulnerability impact me? :
The vulnerability allows attackers to remotely execute arbitrary code on affected systems without authentication. This can lead to full compromise of the system, including unauthorized access, data theft, system manipulation, or disruption of services. Because it requires no user interaction and no privileges, it poses a severe security risk to any environment running vulnerable versions of Inbit Messenger. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious TCP packets sent to the default Inbit Messenger port 10883 containing unusually large or malformed payloads designed to overflow the SEH chain. A practical detection method is to capture and analyze network packets targeting port 10883 using tools like tcpdump or Wireshark. For example, you can use the command: `tcpdump -i <interface> tcp port 10883 -vvv -X` to capture and inspect packets. Additionally, monitoring for unexpected crashes or abnormal behavior of Inbit Messenger on Windows systems (XP SP3, 7, 10) may indicate exploitation attempts. Since the exploit sends a payload of at least 1600 bytes starting with 40 'A' characters followed by specific SEH overwrite patterns, custom IDS/IPS signatures can be created to detect such patterns. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Disabling or blocking network access to the default Inbit Messenger port 10883 at the firewall to prevent remote exploitation attempts. 2) Updating or patching Inbit Messenger to a version later than 4.9.0 if available, as versions 4.6.0 to 4.9.0 are vulnerable. 3) If patching is not immediately possible, consider temporarily uninstalling or disabling the Inbit Messenger service on Windows systems to eliminate exposure. 4) Monitor network traffic and system logs for signs of exploitation attempts. 5) Implement network intrusion detection/prevention systems with signatures targeting the described SEH overflow payload patterns to detect and block attacks. [1, 4]