cve/2023/CVE-2023-34312.md

### [CVE-2023-34312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34312)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

### POC

#### Reference
- https://github.com/vi3t1/qq-tim-elevation

#### Github
- https://github.com/AO2233/awesome-stars
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CodeCraftsMan3/Trending-Repos-Tracker
- https://github.com/GhostTroops/TOP
- https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker
- https://github.com/hktalent/TOP
- https://github.com/lan1oc/CVE-2023-34312-exp
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/silentEAG/awesome-stars
- https://github.com/u604b/Awsome-Stars
- https://github.com/u604b/awesome-stars
- https://github.com/vi3t1/qq-tim-elevation