Published: 09/04/2020 Updated: 21/07/2021

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

QQBrowser prior to 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local malicious users to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tencent qqbrowser

Projekt finalnej strony www Menu Komponenty ToDo wprowadzenie treści do wszystkich stron z usługami dodanie animacji modyfikacja strony tytułowej wg scenariusza Eugeniusza dodanie obsług landing pages dla GB, DE, CH dodanie artykułów z blogu dodanie newsów dodanie oprawnych description dla wszystkich plików automatyzacja publikacji (Cloudfla

Privilege escalation in QQBrowser

CVEID: CVE-2020-10551 Name of the affected product(s) and version(s): QQBrowser (all versions prior to 1053870400) Problem type: CWE-284: Improper Access Control Summary QQBrowser is a web browser developed by Tencent It is one of the most popular web browsers used in China During our tests, we have found a vulnerability which allows an unprivileged local attacker to gain

CWE-732 https://github.com/seqred-s-a/CVE-2020-10551 https://seqred.pl/en/cve-2020-10551-privilege-escalation-in-qqbrowser/https://nvd.nist.gov https://github.com/mbiel92/Hugo-MB https://github.com/seqred-s-a/CVE-2020-10551

CVE-2020-10551

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect