CVE-2023-54334
Published: 13 January 2026
Summary
CVE-2023-54334 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Explorerplusplus Explorer++. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2023-54334 is a buffer overflow vulnerability affecting Explorer32++ version 1.3.5.531, specifically in its Structured Exception Handler (SEH) records. The flaw, tied to CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), can be triggered by supplying a file name argument exceeding 396 characters. This corrupts the SEH chain, enabling attackers to execute arbitrary code. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability without requiring privileges or user interaction. By providing a specially crafted long file name argument, they corrupt the SEH chain and achieve arbitrary code execution on the targeted system running the affected Explorer32++ version.
Advisories and references highlight the issue without detailing patches, as Explorer32++ appears to be an open-source project with an archived homepage. A proof-of-concept exploit is publicly available on Exploit-DB (ID 51077), and VulnCheck has published an advisory on the buffer overflow. Security practitioners should avoid using version 1.3.5.531 and monitor for updates, though none are explicitly referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2589
Vulnerability details
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially execute malicious code.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated buffer overflow enabling arbitrary code execution on a network-accessible application directly maps to exploitation of public-facing apps.
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of file name inputs to block excessively long strings that trigger the buffer overflow and SEH corruption.
Implements memory protections like DEP, ASLR, and stack canaries that mitigate SEH chain overwrite exploits from buffer overflows.
Mandates timely identification, reporting, and remediation of flaws such as CVE-2023-54334 by patching, updating, or removing the vulnerable Explorer32++ software.