TeamViewer: Vulnerability allows permission changes

[German]The TeamViewer software, commonly used to remotely control computers, has a security vulnerability. This allows attackers to hijack a session and attack the target computer. A patch is available.


Advertising

At GitHub someone has published a Proof-of-Concept exploit, which allows to use a security hole in TeamViewer totake over a remote session. The attacker must use a DLL injector to insert the code into the Teamviewer.

Teamviewer-Angriff
(Source: GitHub)

If this succeeds, the attacker can access the two computers involved in the Teamviewer session and, for example, change the direction for the remote session. Then the attacker can overtake the server or the client. The proof of concept was tested under Windows 10 with TeamViewer x86 version 13.0.5058. At reddit. com, where the whole thing was discussed, somebody mentioned, that a patch for TeamViewer version 13.0.5640.0 is available. Further information can be found at The Hacker News.


Advertising

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).