SB2010082601 - Multiple vulnerabilities in TeamViewer
Published: August 26, 2010 Updated: November 7, 2019
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2010-3128)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists because the application loads a .dll file via an untrusted search path. A local attacker, and possibly a remote attacker, can execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
2) Use of Obsolete Function (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.
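For vulnerability 1 (CVE-2010-3128), a defender can sweep file shares and download folders for the condition the bulletin describes: a dwmapi.dll sitting in the same folder as a .tvs or .tvc file. The script below is an added example, not part of the original bulletin or vendor tooling; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

SESSION_EXTS = (".tvs", ".tvc")   # TeamViewer file types named in the bulletin
PLANTED_DLL = "dwmapi.dll"        # DLL name named in the bulletin


def find_colocated_dlls(root):
    """Return sorted (directory, dll_path, session_files) tuples for every
    directory under root holding both a .tvs/.tvc file and a dwmapi.dll."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        dlls = [f for f in files if f.lower() == PLANTED_DLL]
        sessions = sorted(f for f in files if f.lower().endswith(SESSION_EXTS))
        if dlls and sessions:
            for dll in dlls:
                findings.append((dirpath, os.path.join(dirpath, dll), sessions))
    return sorted(findings)


def build_constructed_tree(root):
    """Create a small constructed sample tree (empty placeholder files only)."""
    layout = {
        "downloads/share": ["meeting.tvs", "DWMAPI.DLL"],  # should be flagged
        "documents": ["support.tvc"],                       # session file alone
        "tools": ["dwmapi.dll", "readme.txt"],              # DLL alone
    }
    for rel, names in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d)
        for name in names:
            open(os.path.join(d, name), "wb").close()


def demo():
    """Run the sweep over the constructed tree and return relative findings."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        return [(os.path.relpath(d, root), os.path.basename(p), s)
                for d, p, s in find_colocated_dlls(root)]


if __name__ == "__main__":
    for directory, dll, sessions in demo():
        print(f"review: {directory}: {dll} next to {', '.join(sessions)}")
```

Point `find_colocated_dlls` at a real share or profile directory to get the folders that need review; a hit is a lead for investigation, not proof of compromise.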
Remediation
Install the update from the vendor's website.
References
- http://secunia.com/advisories/41112
- http://www.exploit-db.com/exploits/14734
- http://www.securityfocus.com/archive/1/513317/100/0/threaded
- http://www.vupen.com/english/advisories/2010/2174
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6773
- https://ics-cert.us-cert.gov/advisories/icsa-19-309-01