Recently, the Tinder Security Team and the 360 Vulnerability Research Institute disclosed and successfully reproduced a vulnerability in the WeChat Windows client that allows attackers to execute code remotely. The vulnerability is reportedly triggered by chaining a "directory traversal" flaw with "remote code execution (RCE)". An attacker can use a malicious file to execute arbitrary code remotely without the user's awareness, gaining control of the system or maintaining access, and therefore poses a serious risk to endpoint security.

The technical root cause is that the WeChat client does not sufficiently validate and filter the file path when it automatically downloads files from the chat history.

An attacker can send a chat message containing a malicious file. When the targeted user clicks on the chat history in WeChat, the malicious file is automatically downloaded and copied to the system startup directory.

Using a directory traversal technique, the attacker can bypass WeChat's security restrictions and plant malicious code in key directories of the Windows system so that it runs automatically at boot.
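The defect described above is a missing path-confinement check: a file name taken from an untrusted chat message is joined onto the download directory without verifying that the resulting canonical path still lies inside it. The following is an added example written for this article, not WeChat's code; the download directory, the sample file names and the Startup folder paths are constructed for illustration. It uses `ntpath` so that Windows path semantics can be checked on any platform, and shows two policies: a canonical-prefix check that allows subdirectories, and a stricter rule that accepts only a single path component, which is usually all a chat attachment needs.

```python
"""Path-confinement check for untrusted attachment names (added example, not WeChat code)."""
import ntpath
from typing import Optional

# Hypothetical download directory; the real client layout is not given in the article.
DOWNLOAD_DIR = r"C:\Users\alice\Documents\WeChat Files\FileStorage\File"


def confined_path(base_dir: str, untrusted_name: str) -> Optional[str]:
    """Return the canonical path of untrusted_name inside base_dir, or None if it would escape.

    Canonicalisation (normpath) collapses '..' and '/' before the prefix test, so
    traversal sequences cannot be hidden by mixing separators or nesting dots.
    """
    if not untrusted_name or "\x00" in untrusted_name:
        return None
    # Reject names that carry their own drive letter or root: "C:\..." or "\...".
    drive, rest = ntpath.splitdrive(untrusted_name)
    if drive or rest.startswith(("\\", "/")):
        return None
    base = ntpath.normcase(ntpath.normpath(base_dir))
    candidate = ntpath.normpath(ntpath.join(base_dir, untrusted_name))
    # Compare case-insensitively (Windows) and require the separator after the base,
    # so that "...\File2\x" is not accepted as being inside "...\File".
    if not ntpath.normcase(candidate).startswith(base + "\\"):
        return None
    return candidate


def is_plain_filename(untrusted_name: str) -> bool:
    """Stricter policy: an attachment name must be exactly one path component."""
    if untrusted_name in ("", ".", "..") or "\x00" in untrusted_name:
        return False
    no_drive = ntpath.splitdrive(untrusted_name)[0] == ""
    return no_drive and ntpath.basename(untrusted_name) == untrusted_name


# Constructed sample names: one benign attachment and several traversal attempts that
# aim at the per-user and all-users Startup folders or at an arbitrary absolute path.
SAMPLE_NAMES = [
    "report.pdf",
    "report..pdf",
    r"..\..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    "../../../../../../ProgramData/Microsoft/Windows/Start Menu/Programs/Startup/x.exe",
    r"C:\Windows\x.exe",
    r"\x.exe",
]


def audit(names=SAMPLE_NAMES, base_dir=DOWNLOAD_DIR):
    """Map each name to the verdict of both policies; useful for unit-testing a downloader."""
    return {
        name: {
            "confined": confined_path(base_dir, name) is not None,
            "plain": is_plain_filename(name),
        }
        for name in names
    }


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{verdict['confined']!s:5} {verdict['plain']!s:5}  {name}")
```

In a downloader the canonical-prefix check should run on the final path immediately before the file is created, after any renaming for duplicates, since a later join can reintroduce the problem. A client that only ever stores attachments flat in one folder can use `is_plain_filename` alone, which also removes the need to reason about case folding and separator variants.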

When the victim's computer restarts, the attacker can use this file to execute arbitrary code remotely in the victim's environment, thereby gaining control of the system or maintaining access.

The problem is reported to affect WeChat Windows client version 3.9 and below. Users are advised to download the latest version from the official WeChat website and install it promptly.