Heads up TeamViewer users! A vulnerability in the TeamViewer has recently received a fix. As discovered, the bug, upon an exploit, could allow an attacker to execute arbitrary code on the device.
SafeBreach Labs researchers have found another noteworthy vulnerability in popular software. This time, they have found the vulnerability in TeamViewer that could allow code execution.
As elaborated in their blog post, the vulnerability exists in TeamViewer Client For Windows versions 11 to 14. It occurred due to the TeamViewer service tried to load a missing DLL file with every restart. Then, due to the absence of signature validation and an uncontrolled search path, the service could load unsigned DLLs. As elaborated in the post,
Once the service is loaded, it calls the WSAStringToAddressW WinAPI function (which causes the process to load the ws2_32.dll library)
Next, the ws2_32.dll library loads the mswsock.dll library, and after a few calls it gets to the SockLoadHelperDll function, which tries to load wshtcpip.dll using LoadLibraryExW.
The library tried to load the mentioned DLL files using LoadLibraryExW without flags.
Thus, because of the problem with Microsoft’s DLL library (mswsock.dll), it became possible for an attacker to load arbitrary DLLs and execute code.
Patch Rolled Out
SafeBreach Labs found this vulnerability in July 2019 as they targeted TeamViewer 14. Following this discovery, they reported the matter to TeamViewer who then clarified informing Microsoft of the matter since the problem existed because of a Microsoft component.
However, TeamViewer later explained Microsoft’s denial to patch the bug and fixed the flaw themselves. Consequently, TeamViewer has fixed the bug with the release of TeamViewer 11 v11.0.214397, TeamViewer 12 v12.0.214399, TeamViewer 13 v13.2.36216, and TeamViewer 14 v14.7.1965. Users must ensure updating their devices with the patched version to stay safe.
Let us know your thoughts in the comments.