Remote Code Execution Vulnerability in Tencent WeChat
CVE-2019-17151
4.3 MEDIUM
What is CVE-2019-17151?
This vulnerability in Tencent WeChat allows remote attackers to redirect users to external resources on installations prior to version 7.0.9. Exploitation requires the target to be in an active chat session with the attacker. The underlying issue is improper validation of user names during profile parsing. An attacker may combine it with other security flaws to potentially execute code in the context of the current process. For more information, refer to the advisory at Zero Day Initiative.
Affected Version(s)
WeChat Prior to 7.0.9
References
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Todd Han and Junzhi Lu of TrendMicro Mobile Security Research Team, Zhengyu Dong