CVE-2020-10551

HIGH

QQBrowser <10.5.3870.400 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10551. PoCs published by seqred-s-a.

AI-analyzed exploit summary This PoC exploits an improper access control vulnerability in QQBrowser by overwriting the TsService.exe file with a malicious executable, leading to privilege escalation to NT AUTHORITY\SYSTEM upon service restart.

Description

QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.

Exploits (1)

nomisec WORKING POC 1 stars
by seqred-s-a · poc
https://github.com/seqred-s-a/CVE-2020-10551

This PoC exploits an improper access control vulnerability in QQBrowser by overwriting the TsService.exe file with a malicious executable, leading to privilege escalation to NT AUTHORITY\SYSTEM upon service restart.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: QQBrowser (all versions prior to 10.5.3870.400)
Auth required
Prerequisites: Local access to the system · QQBrowser installed with vulnerable version · Authenticated user privileges
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/seqred-s-a/CVE-2020-10551

Scores

CVSS v3 7.8
EPSS 0.0141
EPSS Percentile 69.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
tencent/qqbrowser < 10.5.3870.400
Published Apr 09, 2020
Tracked Since Feb 18, 2026