CVE-2020-10551
First published: Thu Apr 09 2020(Updated: )
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tencent Qqbrowser | <10.5.3870.400 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10551?
CVE-2020-10551 is a vulnerability in QQBrowser that allows local attackers to escalate privileges to NT AUTHORITY\SYSTEM.
What is the severity of CVE-2020-10551?
CVE-2020-10551 has a severity rating of 7.8, which is considered high.
How does CVE-2020-10551 work?
CVE-2020-10551 occurs because QQBrowser installs a Windows service (TsService.exe) that is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group.
Who is affected by CVE-2020-10551?
Users of QQBrowser before version 10.5.3870.400 are affected by CVE-2020-10551.
How do I fix CVE-2020-10551?
To fix CVE-2020-10551, users should update QQBrowser to version 10.5.3870.400 or newer.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/tencent
- canonical/tencent qqbrowser