Remote Code Execution Vulnerability in Tencent WeChat
CVE-2020-27874

8.8HIGH

Key Information:

Vendor: Tencent
Status: Wechat
Vendor: CVE Published:; 10 February 2021

What is CVE-2020-27874?

A remote code execution vulnerability exists in Tencent WeChat versions 7.0.18 due to improper validation of user-supplied data within the WXAM Decoder. This flaw allows attackers to execute arbitrary code when the victim interacts with a malicious webpage or file. Successful exploitation results in memory access issues, potentially leading to severe compromises in the affected user's environment. Users must exercise caution and avoid engaging with untrusted content to mitigate the risks associated with this vulnerability.

Affected Version(s)

WeChat 7.0.18

References

https://www.zerodayinitiative.com/advisories/ZDI-21-084/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Oct 27, 2020

Credit

Wen guang Jiao