Cyber Resilience

CVE-2023-34312

High · Public PoC

Published: 01 June 2023
Modified: 09 January 2025
KEV Added: (no entry)
Patch: (no entry)
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0784 (92.2nd percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-34312 is a high-severity Release of Invalid Pointer or Reference (CWE-763) vulnerability in Tencent QQ. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 7.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-34312 affects Tencent QQ up to version 9.7.8.29039 and TIM up to 3.4.7.22084. The flaw resides in QQProtect.exe and QQProtectEngine.dll, which accept unvalidated pointers over inter-process communication channels and thereby permit an arbitrary write-what-where primitive (CWE-763). The issue carries a CVSS 3.1 base score of 7.8 under the local-attack vector.

A local, authenticated attacker can send crafted IPC messages to the QQProtect components, overwriting arbitrary kernel or user-mode memory locations. Successful exploitation yields full control over the affected process, enabling privilege escalation, credential theft, or persistent code execution on the host.

Public references consist solely of a proof-of-concept repository demonstrating the elevation technique; no vendor advisory or patch information is supplied in the available sources. The EPSS score has remained flat at 0.0784 since disclosure, indicating no measurable increase in observed exploitation activity.

Vulnerability details

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

CWE(s)

CWE-763 (Release of Invalid Pointer or Reference)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tencent qq: 9.7.1.28940 to 9.7.8.29039
tencent tim: 3.4.5.22071 to 3.4.7.22084

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
