SafeBreach Labs found this vulnerability in July 2019 as they targeted TeamViewer 14. Thus, because of the problem with Microsoft’s DLL library (mswsock.dll), it became possible for an attacker to load arbitrary DLLs and execute code. The library tried to load the mentioned DLL files using LoadLibraryExW without flags. Once the service is loaded, it calls the WSAStringToAddressW WinAPI function (which causes the process to load the ws2_32.dll library) Next, the ws2_32.dll library loads the mswsock.dll library, and after a few calls it gets to the SockLoadHelperDll function, which tries to load wshtcpip.dll using LoadLibraryExW. Then, due to the absence of signature validation and an uncontrolled search path, the service could load unsigned DLLs. It occurred due to the TeamViewer service tried to load a missing DLL file with every restart. This time, they have found the vulnerability in TeamViewer that could allow code execution.Īs elaborated in their blog post, the vulnerability exists in TeamViewer Client For Windows versions 11 to 14. SafeBreach Labs researchers have found another noteworthy vulnerability in popular software. As discovered, the bug, upon an exploit, could allow an attacker to execute arbitrary code on the device.
Heads up TeamViewer users! A vulnerability in the TeamViewer has recently received a fix.
0 kommentar(er)
