
Commit 45b1d01

Add an advisory
1 parent 3225051 commit 45b1d01

1 file changed

+32
-0
lines changed

README.md

+32
@@ -0,0 +1,32 @@
1+
**CVEID**: CVE-2020-10551
2+
3+
**Name of the affected product(s) and version(s)**: QQBrowser (all versions prior to 10.5.3870.400)
4+
5+
**Problem type**: CWE-284: Improper Access Control
6+
7+
---
8+
9+
**Summary**
10+
11+
QQBrowser is a web browser developed by Tencent. It is one of the most popular web browsers used in China.
12+
During our tests, we have found a vulnerability which allows an unprivileged local attacker to gain code
13+
execution as NT AUTHORITY\SYSTEM.
14+
15+
All version of QQBrowser prior to 10.5.3870.400 do not correctly set up ACLs for a TsService.exe file.
16+
A malicious local attacker could overwrite the file to gain access to NT AUTHORITY\SYSTEM account, which
17+
is the highest privileged account on a Windows system.
18+
19+
**Description**
20+
21+
QQBrowser creates a Windows service with ImagePath pointing to a TsService.exe file in its installation directory
22+
(default: C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe). This file’s permissions allow for writing by members
23+
of NT AUTHORITY\Authenticated Users group which by default includes all users. An attacker could exploit the vulnerability
24+
by replacing TsService.exe with his own executable, which would then be invoked with NT AUTHORITY\SYSTEM privileges.
25+
26+
**Reproduction**
27+
28+
Delete TsService.exe and replace it with a different program. Reboot the system.
29+
30+
**Remedy**
31+
32+
Install a newer version of QQBrowser.
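
Review bot: The Remedy at line 32 says only "Install a newer version of QQBrowser." and never names the fixed release; the affected-versions line and the Summary both use 10.5.3870.400 as the boundary, so write "Upgrade to QQBrowser 10.5.3870.400 or later" to tell readers which build to verify. The Description at line 21 refers to "a Windows service" without giving the service name, which makes it harder for an administrator to find the entry and check the ACL on TsService.exe; add the name and, if possible, a short way to confirm after upgrading that the file is no longer writable by Authenticated Users. Minor: "All version of" on line 15 should be "All versions of", and "his own executable" on line 24 could be "their own executable".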
