Info

Disclosure

Aug 22, 2012

Discovery

Unknown

Dates

Exploit

Aug 22, 2012

Solution

Unknown

Description

Tencent QQ contains a flaw that is triggered when credentials are stored in the process memory as plaintext. This may allow a local attacker to scan certain process memory locations and gain access to potentially sensitive information.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Authentication Required

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Tencent Holdings Limited

Tencent QQ

QQ2009 SP3

References

Related OSVDB ID: 85533 85534 85535 85536 85538
Generic Informational URL: http://carnal0wnage.attackresearch.com/2009/03/dumping-memory-to-extract-password.html
Other Advisory URL: http://core.yehg.net/lab/pr0js/advisories/%5Bmultiple-apps%5D_plain-text_storage_in_memory
http://core.yehg.net/lab/pr0js/training/view/CWE-316_plaintext-storage-in-memory/
Generic Exploit URL: http://www.metasploit.com/modules/post/windows/gather/memory_grep/
Vendor URL: http://www.tencent.com/en-us/index.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85537