CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-34312
https://notcve.org/view.php?id=CVE-2023-34312
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. • https://github.com/lan1oc/CVE-2023-34312-exp https://github.com/vi3t1/qq-tim-elevation • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24160
https://notcve.org/view.php?id=CVE-2020-24160
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. El cliente Shenzhen Tencent TIM Windows versión 3.0.0.21315, presenta una vulnerabilidad de secuestro de DLL, que puede ser explotada por los atacantes para ejecutar código malicioso • https://www.cnvd.org.cn/flaw/show/2105395 • CWE-427: Uncontrolled Search Path Element •