ID CVE-2010-3128
Summary Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'
References
Vulnerable Configurations
  • cpe:2.3:a:teamviewer:teamviewer:1.85:*:*:*:*:*:*:*
    cpe:2.3:a:teamviewer:teamviewer:1.85:*:*:*:*:*:*:*
  • cpe:2.3:a:teamviewer:teamviewer:2.44:*:*:*:*:*:*:*
    cpe:2.3:a:teamviewer:teamviewer:2.44:*:*:*:*:*:*:*
  • cpe:2.3:a:teamviewer:teamviewer:3.6.5523:*:*:*:*:*:*:*
    cpe:2.3:a:teamviewer:teamviewer:3.6.5523:*:*:*:*:*:*:*
  • cpe:2.3:a:teamviewer:teamviewer:4.1.8107:*:*:*:*:*:*:*
    cpe:2.3:a:teamviewer:teamviewer:4.1.8107:*:*:*:*:*:*:*
  • cpe:2.3:a:teamviewer:teamviewer:-:*:*:*:*:*:*:*
    cpe:2.3:a:teamviewer:teamviewer:-:*:*:*:*:*:*:*
  • cpe:2.3:a:teamviewer:teamviewer:5.0.8703:*:*:*:*:*:*:*
    cpe:2.3:a:teamviewer:teamviewer:5.0.8703:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 10-10-2018 - 20:01)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-12-16T04:01:50.804-05:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment TeamViewer is installed
oval oval:org.mitre.oval:def:7018
description Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.
family windows
id oval:org.mitre.oval:def:6773
status accepted
submitted 2010-09-30T08:01:50
title Untrusted search path vulnerability via a Trojan horse dwmapi.dll in TeamViewer version less than or equal to 5.0.8703
version 6
refmap via4
bugtraq 20100825 TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)
exploit-db 14734
secunia 41112
vupen ADV-2010-2174
Last major update 10-10-2018 - 20:01
Published 26-08-2010 - 18:36
Back to Top