cvedb.io
CVE-2021-33879
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2021-06-06T20:15:07.613 · Last modified 2026-06-17T03:55:19.403

Summary

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. An attacker in a man-in-the-middle (MITM) position could spoof the contents of the XML document describing an update package, replacing the download URL with one pointing to an arbitrary Windows executable. Because the only integrity check was a comparison of the downloaded file's MD5 checksum to the one contained within that same XML document, which the attacker also controls, the check would pass and the downloaded executable would then be executed on the victim's machine.

Affected products

tencent — gameloop


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.