CVE-2023-53966

CRITICAL

SOUND4 LinkAndShare Transmitter 1.1.2 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53966. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a format string vulnerability combined with a stack buffer overflow in SOUND4 LinkAndShare Transmitter 1.1.2. The PoC leverages the username environment variable to trigger the vulnerability, leading to a crash and potential code execution.

Description

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textremotehardware
https://www.exploit-db.com/exploits/51259

This exploit demonstrates a format string vulnerability combined with a stack buffer overflow in SOUND4 LinkAndShare Transmitter 1.1.2. The PoC leverages the username environment variable to trigger the vulnerability, leading to a crash and potential code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SOUND4 LinkAndShare Transmitter 1.1.2
No auth needed
Prerequisites: Environment variable manipulation (username) · Local or remote execution context where the vulnerable application processes the username variable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.0062
EPSS Percentile 44.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-134
Status published
Products (1)
sound4/linkandshare_transmitter 1.1.2
Published Dec 22, 2025
Tracked Since Feb 18, 2026