Information Disclosure Vulnerability in Tencent WeChat Desktop Application
CVE-2021-27247

6.5 MEDIUM

Key Information:

Vendor

Tencent

Status
Vendor
CVE Published: 14 April 2021

What is CVE-2021-27247?

An information disclosure vulnerability exists in the WXAM decoder of Tencent WeChat 2.9.5 for desktop, allowing remote attackers to potentially access sensitive user information. Exploitation requires user interaction: the target must visit a malicious webpage or open a malicious file. The flaw results from insufficient validation of user-supplied data, which can cause a read past the end of an allocated buffer. An attacker can use this in conjunction with other vulnerabilities for further exploitation.

Affected Version(s)

WeChat 2.9.5 desktop version

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wen guang Jiao