Vulnerabilities > CVE-2023-34312 - Release of Invalid Pointer or Reference vulnerability in Tencent QQ and TIM

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

tencent

CWE-763

NVD

Published: 2023-06-01

Updated: 2023-06-08

Summary

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

Vulnerable Configurations

Part	Description	Count
Application	Tencent Tencent TIM * Tencent QQ *	2

Common Weakness Enumeration (CWE)

CWE-763 - Release of Invalid Pointer or Reference

References

https://github.com/vi3t1/qq-tim-elevation