Main Vulnerability Database Vulnerabilities #VU9565

Insecure DLL loading in TeamViewer Remote Full Client for Windows - #VU9565

Published: December 7, 2017

Vulnerability identifier: #VU9565

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-427

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TeamViewer

Affected software:
TeamViewer Remote Full Client for Windows

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insecure C++ .dll loading mechanism when opening files. A remote attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share, trick the victim into opening it, change TeamViewer permissions and execute arbitrary code on the target system with privileges of the current victim.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

Sources

https://github.com/gellin/TeamViewer_Permissions_Hook_V1

Insecure DLL loading in TeamViewer Remote Full Client for Windows - #VU9565

Detailed vulnerability description

Remediation

Sources

Please verify you're human