TeamViewer File Opening Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with TeamViewer and is prone to insecure library loading vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. Impact Level: Application.

Solution

Update to version 5.0.9104 or later, For updates refer to http://www.teamviewer.com/index.aspx

Insight

The flaw is due to the application insecurely loading certain librairies from the current working directory.

Affected

TeamViewer version 5.0.8703 and prior

References

http://secunia.com/advisories/41112
http://www.exploit-db.com/exploits/14734/
http://www.vupen.com/english/advisories/2010/2174

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3128

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
Adobe Air Multiple Vulnerabilities June-2012 (Windows)

Take action and discover your vulnerabilities