|CVSS SCORE||4.5, (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)|
This vulnerability allows local attackers to modify requests on vulnerable installations of Tencent WeChat. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of URL schemes. The issue resides in the improper validation if a URL Scheme was acted upon by a malicious application. An attacker can leverage this vulnerability to steal tokens and manipulate requests in the context of current user.
This issue was resolved and fixed on the server side. Hence, no patch version number is available.
|CREDIT||lilang wu, moony Li and yuchen zhou of Trend Micro