Todd Han

Researcher at TrendMicro Mobile Security Research Team
#44735 of 53,635
5.8 total CVSS
Vulnerabilities · 1
PT-2019-14981
5.8
2019-12-31
Tencent · Tencent Wechat · CVE-2019-17151
**Name of the Vulnerable Software and Affected Versions**

Tencent WeChat versions prior to 7.0.9

**Description**

This issue allows remote attackers to redirect users to an external resource on affected installations. User interaction is required, as the target must be within a chat session with the attacker. The flaw exists within the parsing of a user's profile, specifically in the failure to properly validate a user's name, stored in the `name` variable. An attacker can leverage this, potentially in conjunction with other issues, to execute code in the context of the current process.

**Recommendations**

For versions prior to 7.0.9, update to version 7.0.9 or later to resolve the issue. As a temporary workaround, consider restricting user interactions within chat sessions to minimize the risk of exploitation.