3 matches found
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloads updates over HTTP, enabling MITM tampering of the update package XML. An attacker could replace the download URL with a path to an arbitrary Windows executable; the only integrity check is an MD5 comparison with the XML, allowing the executable to run o...