A-Rey

**Name of the Vulnerable Software and Affected Versions** Inbit Messenger versions 4.6.0 through 4.9.0 **Description** Inbit Messenger versions 4.6.0 through 4.9.0 have a remote command execution issue. Unauthenticated attackers can execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port `10883` with a malicious payload to trigger the issue and execute commands with system privileges. **Recommendations** Update Inbit Messenger to a version later than 4.9.0.

**Name of the Vulnerable Software and Affected Versions** Inbit Messenger versions 4.6.0 through 4.9.0 **Description** A remote stack-based buffer overflow exists in Inbit Messenger that allows unauthenticated attackers to execute arbitrary code. This is achieved by sending malformed network packets to the messenger's network handler. Successful exploitation allows attackers to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems. **Recommendations** Update Inbit Messenger to a version later than 4.9.0.