CVE-2023-54330
Unknown Unknown - Not Provided
Remote Stack-Based Buffer Overflow in Inbit Messenger Enables RCE

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54330
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
inbit messenger From 4.6.0 (inc) to 4.9.0 (inc)
inbit messenger_basic_edition 4.6.0_build_4601
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a remote stack-based buffer overflow in Inbit Messenger versions 4.6.0 to 4.9.0 on Windows systems. An unauthenticated attacker can send specially crafted malformed network packets to the messenger's network handler, causing an overflow that overwrites the Structured Exception Handler (SEH). This allows the attacker to execute arbitrary code remotely without any authentication or user interaction. [1, 4]

Impact Analysis

The vulnerability allows attackers to remotely execute arbitrary code on affected systems without authentication. This can lead to full compromise of the system, including unauthorized access, data theft, system manipulation, or disruption of services. Because it requires no user interaction and no privileges, it poses a severe security risk to any environment running vulnerable versions of Inbit Messenger. [1, 4]

Detection Guidance

This vulnerability can be detected by monitoring network traffic for suspicious TCP packets sent to the default Inbit Messenger port 10883 containing unusually large or malformed payloads designed to overflow the SEH chain. A practical detection method is to capture and analyze network packets targeting port 10883 using tools like tcpdump or Wireshark. For example, you can use the command: `tcpdump -i <interface> tcp port 10883 -vvv -X` to capture and inspect packets. Additionally, monitoring for unexpected crashes or abnormal behavior of Inbit Messenger on Windows systems (XP SP3, 7, 10) may indicate exploitation attempts. Since the exploit sends a payload of at least 1600 bytes starting with 40 'A' characters followed by specific SEH overwrite patterns, custom IDS/IPS signatures can be created to detect such patterns. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Disabling or blocking network access to the default Inbit Messenger port 10883 at the firewall to prevent remote exploitation attempts. 2) Updating or patching Inbit Messenger to a version later than 4.9.0 if available, as versions 4.6.0 to 4.9.0 are vulnerable. 3) If patching is not immediately possible, consider temporarily uninstalling or disabling the Inbit Messenger service on Windows systems to eliminate exposure. 4) Monitor network traffic and system logs for signs of exploitation attempts. 5) Implement network intrusion detection/prevention systems with signatures targeting the described SEH overflow payload patterns to detect and block attacks. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart