PT-2023-24806 · Tencent · Tencent QQ, TIM
Published: 2023-06-01 · Updated: 2025-01-09 · CVE-2023-34312
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tencent QQ versions 9.7.8.29039 and earlier
TIM versions 3.4.7.22084 and earlier
Description
QQProtect.exe and QQProtectEngine.dll fail to validate pointers received through inter-process communication, which results in an exploitable write-what-where condition.
Recommendations
For Tencent QQ versions 9.7.8.29039 and earlier, consider disabling the QQProtect.exe and QQProtectEngine.dll components until a patch is available.
For TIM versions 3.4.7.22084 and earlier, restrict access to the QQProtect.exe and QQProtectEngine.dll modules to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
TIM
Tencent QQ