Main Vulnerability Database Exploits ID:2482 - Exploit for Untrusted search path in TeamViewer Remote Full Client for Windows - CVE-2010-3128

ID:2482 - Exploit for Untrusted search path in TeamViewer Remote Full Client for Windows - CVE-2010-3128

Published: April 7, 2020

Vulnerability identifier: #VU22570

Vulnerability risk: Low

CVE-ID: CVE-2010-3128

CWE-ID: CWE-426

Exploitation vector: Local access

Vulnerable software:
TeamViewer Remote Full Client for Windows

Link to public exploit:

https://www.exploit-db.com/exploits/14734/

Vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to executed malicious .dll file passed via untrusted search path. A local attacker, and possibly remote attacker can execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.

Remediation

Install updates from vendor's website.

ID:2482 - Exploit for Untrusted search path in TeamViewer Remote Full Client for Windows - CVE-2010-3128

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human