CVE-2023-49313

CRITICAL

XMachOViewer 0.04 - Unauthenticated Code Injection via Dylib Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49313. PoCs published by louiselalanne.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2023-49313, demonstrating a dylib injection vulnerability in XMachOViewer 0.04. It includes a malicious dylib that can be injected into the application's process using the DYLD_INSERT_LIBRARIES environment variable.

Description

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.

Exploits (1)

nomisec WORKING POC 4 stars

by louiselalanne · poc

https://github.com/louiselalanne/CVE-2023-49313

View Code ZIP pw:eip

This repository provides a functional proof-of-concept for CVE-2023-49313, demonstrating a dylib injection vulnerability in XMachOViewer 0.04. It includes a malicious dylib that can be injected into the application's process using the DYLD_INSERT_LIBRARIES environment variable.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: XMachOViewer 0.04

No auth needed

Prerequisites: Access to the target macOS system · Ability to compile a dylib · Ability to set environment variables

MITRE ATT&CK

T1574.006 - Dynamic Linker Hijacking

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Product

https://github.com/horsicq/XMachOViewer

Exploit, Third Party Advisory

https://github.com/louiselalanne/CVE-2023-49313

Scores

CVSS v3 9.8

EPSS 0.0132

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

horsicq/xmachoviewer 0.04

Published Nov 28, 2023

Tracked Since Feb 18, 2026