DLL Hijacking Vulnerability in Tencent TIM Windows Client
CVE-2020-24160

7.8HIGH

Key Information:

Vendor: Tencent
Status: Tim
Vendor: CVE Published:; 3 September 2020

What is CVE-2020-24160?

The Tencent TIM Windows client version 3.0.0.21315 contains a DLL hijacking vulnerability that can be exploited by attackers. This flaw enables unauthorized execution of malicious code by manipulating dynamic link library (DLL) files, potentially compromising system integrity and user data. It is essential for users to stay informed and implement appropriate security measures to protect against this threat.

References

https://www.cnvd.org.cn/flaw/show/2105395

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Aug 13, 2020

JSON