Lucene search
HistoryJun 01, 2023 - 3:15 a.m.
CVE-2023-34312
tencent qq
tim
vulnerability
inter-process communication
write-what-where
validation
pointers
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
Affected configurations
Node
tencentqqRange9.7.1.28940–9.7.8.29039
ORtencenttimRange3.4.5.22071–3.4.7.22084
References
Related
cvelist
cvelist
CVE-2023-34312
2023-06-01 00:00:00
githubexploit
githubexploit
Exploit for Release of Invalid Pointer or Reference in Tencent Qq
2023-08-07 13:09:11
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15
prion
prion
Design/Logic Flaw
2023-06-01 03:15:00
cve
cve
CVE-2023-34312
2023-06-01 03:15:20
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2023-34312