#VU22570 Untrusted search path in TeamViewer
Vulnerability identifier: #VU22570
Vulnerability risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-426
Exploitation vector: Local
Exploit availability: Yes
Vulnerable software:
TeamViewer
Client/Desktop applications /
Other client software
Vendor: TeamViewer
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to executed malicious .dll file passed via untrusted search path. A local attacker, and possibly remote attacker can execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
TeamViewer: 1.85 - 5.0.8703
External links
http://secunia.com/advisories/41112
http://www.exploit-db.com/exploits/14734
http://www.securityfocus.com/archive/1/513317/100/0/threaded
http://www.vupen.com/english/advisories/2010/2174
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6773
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
