<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Tencent - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/tencent/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 13 Jul 2026 01:18:23 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/tencent/feed.xml" rel="self" type="application/rss+xml"/><item><title>Tencent PC Manager QMUDisk Driver Uncontrolled Search Path Vulnerability (CVE-2026-15515)</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-15515/</link><pubDate>Mon, 13 Jul 2026 01:18:23 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-15515/</guid><description>A high-severity uncontrolled search path vulnerability (CVE-2026-15515) in the `qmudisk64.sys` component of Tencent PC Manager 18.1.30242.301 allows a local attacker to execute arbitrary code with elevated privileges, despite high complexity and difficult exploitability, due to public exploit disclosure.</description><content:encoded><![CDATA[<p>A security vulnerability, identified as CVE-2026-15515, has been discovered in Tencent PC Manager version 18.1.30242.301. The flaw is specifically located within the <code>qmudisk64.sys</code> library, which is part of the QMUDisk Driver component. This vulnerability stems from an uncontrolled search path, which can lead to privilege escalation. Exploitation requires local user access and is considered to be of high complexity and difficult to achieve, although a public exploit has been disclosed, increasing the risk of its use. Despite early disclosure, the vendor did not respond, indicating a lack of official patch or guidance at the time of publication. This vulnerability poses a significant risk to affected systems as it could allow an attacker to execute malicious code with elevated system privileges.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Access:</strong> An attacker first gains local, unprivileged access to a system running the vulnerable Tencent PC Manager.</li>
<li><strong>Vulnerable Component Identification:</strong> The attacker identifies that the <code>qmudisk64.sys</code> driver, part of the QMUDisk Driver component, is susceptible to an uncontrolled search path vulnerability during its operation or loading.</li>
<li><strong>Malicious DLL Placement:</strong> The attacker crafts a malicious Dynamic Link Library (DLL) file and strategically places it in a directory that the vulnerable driver or its associated processes search before the legitimate location of required system DLLs.</li>
<li><strong>Trigger Vulnerable Execution:</strong> The attacker waits for or actively triggers the vulnerable Tencent PC Manager component or the operating system to load the QMUDisk Driver (<code>qmudisk64.sys</code>) or another component that depends on it.</li>
<li><strong>DLL Hijacking/Sideloading:</strong> Due to the uncontrolled search path, the legitimate process attempts to load a required DLL and, finding the attacker's malicious DLL first in its search path, loads and executes it instead.</li>
<li><strong>Privilege Escalation:</strong> The malicious DLL executes arbitrary code within the context of the vulnerable driver, typically gaining SYSTEM-level privileges.</li>
<li><strong>System Compromise:</strong> With elevated privileges, the attacker can perform further malicious actions, such as installing persistence mechanisms, deploying additional malware, exfiltrating sensitive data, or taking full control of the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-15515 allows an attacker with local access to achieve privilege escalation, potentially leading to arbitrary code execution with SYSTEM privileges. This level of access grants the attacker full control over the compromised Windows system, enabling them to bypass security controls, steal sensitive information, install backdoors, or deploy further malicious payloads like ransomware. While the vulnerability requires local access and is considered difficult to exploit, the public disclosure of an exploit significantly lowers the barrier for motivated attackers. The CVSS v3.1 Base Score of 7.0 highlights a high impact on confidentiality, integrity, and availability once exploited.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-15515 on all systems running Tencent PC Manager 18.1.30242.301 immediately if a patch becomes available.</li>
<li>Restrict local administrative privileges to prevent potential attackers from reaching the necessary access level to exploit this type of vulnerability.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>cve</category><category>vulnerability</category><category>privilege-escalation</category><category>windows</category></item></channel></rss>