CVE-2023-34312

HIGH

Tencent QQ <9.7.8.29039 & TIM <3.4.7.22084 - Memory Corruption

Title source: llm

Description

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

Exploits (2)

nomisec WORKING POC 421 stars
by vi3t1 · poc
https://github.com/vi3t1/qq-tim-elevation
nomisec WORKING POC 8 stars
by lan1oc · poc
https://github.com/lan1oc/CVE-2023-34312-exp

Scores

CVSS v3: 7.8
EPSS: 0.0412
EPSS Percentile: 88.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-763
Status: published
Products (2)
tencent/qq 9.7.1.28940 - 9.7.8.29039
tencent/tim 3.4.5.22071 - 3.4.7.22084
Published: Jun 01, 2023
Tracked Since: Feb 18, 2026