0
1
If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other’s PC without permission.
TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of other’s PC over the Internet from anywhere in the world.
However, a GitHub user named « Gellin » has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer’s computer without permission.
TeamViewer Hack Could Be Used By Anyone—Server Or Client
Gellin has also published a proof-of-concept (PoC) code, which is an injectable C++ DLL, which leverages « naked inline hooking and direct memory modification to change TeamViewer permissions. »
The injectable C++ DLL (hack) can be used by both, the client and the server, which results as mentioned below:
If exploited by the Server—the hack allows viewers to enable « switch sides » feature, which is only active after the server authenticated control with the client, eventually allowing the server to initiate a change of control/sides.
If exploited by the Client—the hack allows the client to take control of the mouse and keyboard of the server « with disregard to servers current control settings and permissions. »
To read the original article :
