Vulnerabilities > CVE-2023-34312 - Release of Invalid Pointer or Reference vulnerability in Tencent QQ and TIM

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
tencent
CWE-763

Summary

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

Vulnerable Configurations

Part Description Count
Application
Tencent
4

Common Weakness Enumeration (CWE)