If the same maneuver is executed on the client’s side, it will allow them to take control of the server’s keyboard and mouse, without any consideration for the server’s settings and permissions. If the exploit is performed on the server’s side, the “switch sides” feature can be enabled, allowing the server to initiate a change of control on the client. According to gellin’s report, this exploit can be used by both the host and the client. This code exploits naked inline hooking and memory alterations to change TeamViewer permissions. Fortunately, this vulnerability can only be exploited if the authentication code is shared and both screens are connected.Ī GitHub user named gellin originally reported this vulnerability by publishing a proof-of-concept code that contains an injectable C++ DLL file. TeamViewer uses Microsoft’s Remote Desktop Protocol, allowing the presenter and viewer to share screens using a secret authentication code. If your enterprise uses TeamViewer, we strongly recommend updating to the latest version to prevent this exploit from being used in your network. This specific TeamViewer vulnerability provides the presenter with an opportunity to overtake the viewer’s system, and vice versa. Because TeamViewer allows users to share what’s displayed on their desktops with anyone in the world (and, more importantly, grant someone else access to their computer), vulnerabilities in TeamViewer can be fairly serious. After reports of a serious bug, the developer behind TeamViewer, the popular remote desktop management software, has released an important patch to seal this vulnerability.
0 kommentar(er)
