Multiple vulnerabilities in TeamViewer
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2010-3128 |
| CWE-ID | CWE-426 CWE-477 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
TeamViewer Client/Desktop applications / Other client software |
| Vendor | TeamViewer |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU22570
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2010-3128
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to executed malicious .dll file passed via untrusted search path. A local attacker, and possibly remote attacker can execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTeamViewer: 1.85 - 5.0.8703
External linkshttp://secunia.com/advisories/41112
http://www.exploit-db.com/exploits/14734
http://www.securityfocus.com/archive/1/513317/100/0/threaded
http://www.vupen.com/english/advisories/2010/2174
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6773
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Use of Obsolete Function
EUVDB-ID: #VU22571
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.
Install updates from vendor's website.
Vulnerable software versionsTeamViewer: 1.85 - 5.0.8703
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-309-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
