PT-2019-14981 · Tencent · Tencent Wechat

Junzhi Lu +2 · Published 2019-12-31 · Updated 2020-01-14 · CVE-2019-17151

CVSS v2.0: 5.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Tencent WeChat versions prior to 7.0.9

Description

This issue allows remote attackers to redirect users to an external resource on affected installations. User interaction is required, as the target must be within a chat session with the attacker. The flaw exists within the parsing of a user's profile, specifically in the failure to properly validate a user's name, stored in the name variable. An attacker can leverage this, potentially in conjunction with other issues, to execute code in the context of the current process.

Recommendations

For versions prior to 7.0.9, update to version 7.0.9 or later to resolve the issue. As a temporary workaround, consider restricting user interactions within chat sessions to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2019-17151
ZDI-19-1035

Affected Products

Tencent Wechat