Vulnerability Number: CVE-2023-34312
Level of importance: Important
Impact area: QQ 9.7.8.29039 - 9.7.8.29039 TIM 3.4.5.22071 - 3.4.7.22084
Principle: Tencent QQ sub-components QQProtect and QQProtectEngine.dll have arbitrary address writing security vulnerabilities, because QQProtect.exe does not have ASLR (Address Space Layout Randomization) protection attackers can combine the two vulnerabilities in the QQProtect.exe process to load a malicious DLL, and obtain the NT Authority\SYSTEM shell and the attack process is almost senseless.
Component directory: ProgramFiles(x86)%\Common Files\Tencent\QQProtect\bin
Disposal recommendation: it is recommended to update the program to the latest version, blocking this component will affect the program communication issues
Addendum: "Write-What-Where" (WWW) is commonly used to describe certain types of vulnerability attacks, especially in the memory management of operating systems. Write-What-Where" literally means "Write What, Write Where".
In a typical "Write-What-Where" vulnerability, an attacker can control two key elements:
What to write: i.e. the attacker can control the specific data to be written to memory.
Write location (Where): i.e., the memory address where the attacker can control the data to be written.
By exploiting such vulnerabilities, an attacker can modify the way a program runs or corrupt the system's memory, which can cause serious security problems. This can lead to various serious consequences such as arbitrary code execution, privilege escalation, etc.
[Read More]