Dylib Injection Vulnerability in XMachOViewer by Horsicq
CVE-2023-49313

9.8CRITICAL

Key Information:

Vendor: Horsicq
Status: Xmachoviewer
Vendor: CVE Published:; 28 November 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-49313?

A dylib injection vulnerability exists in XMachOViewer version 0.04 that allows attackers to inject unauthorized code into the application's processes. This exploitation can compromise the integrity of the application, potentially permitting attackers to gain remote control and unauthorized access to sensitive user data. Users of this software should take immediate precautions to mitigate potential risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-49313
Created by louiselalanne

References

https://github.com/horsicq/XMachOViewer

https://github.com/louiselalanne/CVE-2023-49313

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2023
🟡
Public PoC available
Nov 27, 2023
👾
Exploit known to exist
Nov 27, 2023
Vulnerability Reserved
Nov 26, 2023

CVE-2023-49313 Data

JSON