A critical remote code execution vulnerability exists in multiple versions of Inbit Messenger. This flaw allows an unauthenticated attacker to take complete control of a vulnerable Windows system by sending a specially crafted network packet, without requiring any user interaction. Successful exploitation can lead to a full system compromise, enabling data theft, ransomware deployment, or further attacks on the network.

The vulnerability is a remote, unauthenticated stack-based buffer overflow within the network handling component of Inbit Messenger. An attacker can send a malformed network packet containing a specifically designed payload that exceeds the buffer's capacity. This allows the attacker to overwrite critical data on the stack, including the Structured Exception Handler (SEH) chain, to redirect the program's execution flow to attacker-supplied shellcode, resulting in arbitrary code execution with the privileges of the messenger application.

This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit would grant an attacker complete control over the affected system, leading to severe business consequences. These include the potential for intellectual property theft, exfiltration of sensitive customer or corporate data, deployment of ransomware, and operational disruption. Since the vulnerability is remotely exploitable without authentication, any vulnerable system accessible over the network serves as a direct entry point for attackers to establish a foothold and move laterally within the organization's network.

Immediate Action: Immediately identify all systems running vulnerable versions of Inbit Messenger (4.6.0 to 4.9.0) and update them to the latest patched version provided by the vendor. After patching, review system and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced network monitoring to detect and alert on anomalous traffic patterns or malformed packets directed at the Inbit Messenger service port. On host systems, monitor for unexpected crashes of the messenger application, unusual process behavior (e.g., messenger spawning command shells), and alerts from EDR or antivirus solutions related to memory corruption or shellcode execution.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Use a firewall or Intrusion Prevention System (IPS) with signatures to detect and block the specific malformed packets associated with this exploit.
• Restrict network access to the Inbit Messenger service only to trusted hosts and subnets.
• Ensure host-based security controls like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are enabled on the underlying Windows operating systems to make exploitation more difficult.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the ability for an unauthenticated attacker to achieve remote code execution, this vulnerability poses an immediate and severe threat to the organization. We strongly recommend that all vulnerable instances of Inbit Messenger be patched immediately as a top priority. Due to the high likelihood of exploitation, organizations should assume they are being targeted and proactively hunt for signs of compromise, even after remediation is complete.