Affected Product: Teamviewer 12 Client for Windows PC Credit: Souhardya Sardar and Rohit Bankoti Contact : facebook.com/SouhardyaSardar.py *Summary:* Gom Player Installer contains a dll hijack vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system and gain elevated privileges. The vulnerability exists due to some DLL file is loaded by 'TeamViewer.exe' improperly. And it allows an attacker to load this DLL file of the attacker as choosing that could execute arbitrary code without the user's knowledge. *Tested on*: Windows 7 Ultimate 6.1.7601 Service Pack 1 Build 7601 *Impact:* Attacker can exploit this vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. This may help attacker to successfully exploit the system if user creates shell as a DLL. POC : # Vulnerable Library: GPAPI.dll Dir : C:\Program Files\TeamViewer Create malicious DLL GPAPI.dll Additionally Privilege Escalation can be done if the TeamViewer Client is running on Higher Privileges e.g NT\AUTHORITY