N/A

This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302.

N/A

产品UI接口未警示用户不安全动作

Tencent WeChat 输入验证错误漏洞

Tencent WeChat（微信）是中国腾讯（Tencent）公司的一款在线社交应用程序。该程序支持发送语音短信、视频、图片和文字等。 Tencent WeChat（微信）7.0.9之前版本中存在输入验证错误漏洞，该漏洞源于程序在执行系统调用之前没有正确验证用户提交的字符串。攻击者可利用该漏洞在当前进程的上下文中执行代码。

N/A

N/A