Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2023-34312 PoC — Tencent QQ 安全漏洞

Source
https://github.com/lan1oc/CVE-2023-34312-exp
Associated Vulnerability
Title:Tencent QQ 安全漏洞 (CVE-2023-34312)
Description:In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
Description
复现CVE-2023-34312所需的两个恶意dll文件
Readme
# 声明

<span style="color: red;font-size: 24px;">本项目仅为用作复现实验所创建</span>

# 影响版本

- QQ 9.6.2.27855 ~ 9.7.11.29088(除了QQ 9.7.10,因为不带QQProtect.exe好像)
- TIM 3.4.5.22071 ~ 3.4.7.22084

# 使用方法

安装QQ/TIM后,然后要使两个恶意dll与QQprotect.exe处于同一文件夹

```
QQProtect.exe evil.dll
```

![](https://img1.imgtp.com/2023/08/07/peWDVLRu.png)
File Snapshot

 [4.0K]  /data/pocs/7d123fb3b8b3b56ef166e40db3ff590e52f91747
├── [198K]  evil.dll
├── [ 423]  README.md
└── [284K]  tinyxml.dll

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →