1. Summary
A vulnerability has been discovered in the TeamViewer Clients for Windows which allows local privilege escalation on a Windows system.
2. Vulnerability Details
|
CVE-ID |
|
|
Description |
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior version 15.62 (and additional versions listed below) for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.
To exploit this vulnerability, an attacker needs local access to the Windows system.
We have no indication that this vulnerability has been or is being exploited in the wild.
The vulnerability has been fixed with version 15.62 and additional versions listed below. We recommend updating to the latest available version. |
|
CVSS3.1 Score |
Base Score 7.8 (High) |
|
CVSS3.1 Vector String |
|
|
Problem type |
3. Affected products and versions
|
Product
|
Versions
|
Info
|
|---|---|---|
|
TeamViewer Full Client (Windows) |
< 15.62 |
|
|
TeamViewer Full Client (Windows) |
< 14.7.48799 |
|
|
TeamViewer Full Client (Windows) |
< 13.2.36226 |
|
|
TeamViewer Full Client (Windows) |
< 12.0.259319 |
|
|
TeamViewer Full Client (Windows) |
< 11.0.259318 |
|
|
TeamViewer Host (Windows) |
< 15.62 |
|
|
TeamViewer Host (Windows) |
< 14.7.48799 |
|
|
TeamViewer Host (Windows) |
< 13.2.36226 |
|
|
TeamViewer Host (Windows) |
< 12.0.259319 |
|
|
TeamViewer Host (Windows) |
< 11.0.259318 |
4. Solutions and mitigations
Update to the latest version (15.62 or the latest version available)
5. Acknowledgments
Anonymous of Trend Micro Zero Day Initiative