Main Vulnerability Database Vulnerabilities #VU22442

#VU22442 Insecure DLL loading in TeamViewer Remote Full Client for Windows - CVE-2019-18196

Published: October 31, 2019

Vulnerability identifier: #VU22442

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-18196

CWE-ID: CWE-427

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TeamViewer Remote Full Client for Windows

Software vendor:
TeamViewer

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote authenticated administrator can install DLL on the target system, restart a service and execute arbitrary code on victim's system.

Note: This vulnerability affects the following versions:

versions up to 11.0.133222 (fixed in 11.0.214397)

12.0.X (fixed in 12.0.214399)

13.X.X (fixed in 13.2.36216)

14.X.X (fixed in 14.7.1965)

Remediation

Install updates from vendor's website.

External links

https://community.teamviewer.com/t5/Announcements/Security-bulletin-CVE-2019-18196/td-p/74564

#VU22442 Insecure DLL loading in TeamViewer Remote Full Client for Windows - CVE-2019-18196

Description

Remediation

External links

Please verify you're human