CVE-2023-34312
Description
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
NVD
Severity: HIGH
CVE ID: CVE-2023-34312
CVSS Score: 7.8
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
vi3t1
CVE-2023-34312
Refrence: GitHub
lan1oc
复现CVE-2023-34312所需的两个恶意dll文件
Refrence: GitHub