Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords.

TeamViewer is a proprietary software application used by businesses for remote-control functionalities, desktop sharing, online meetings, web conferencing and file transfer between computers.

The recently discovered flaw stems from the Desktop for Windows app (CVE-2020-13699) not properly quoting its custom uniform resource identifier (URI) handlers.

Apps need to identify the URIs for the websites they will handle. But because handler applications can receive data from untrusted sources, the URI values passed to the application may contain malicious data that attempts to exploit the app. In this specific case, values are not “quoted” by the app – meaning that TeamViewer will treat them as commands rather than as input values.

“An attacker could embed a malicious iframe in a website with a crafted URL () that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” according to an advisory by Jeffrey Hofmann, security engineer at Praetorian, who disclosed the flaw.
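
The quoting problem described above, as an added example (not code from the advisory or from TeamViewer): a Python audit of URI handler command templates, as Windows stores them under `HKEY_CLASSES_ROOT\<scheme>\shell\open\command`, that flags any placeholder left outside double quotes and shows how the resulting argument list differs. The scheme names, paths and options are constructed, and the argument splitter is a simplified model of Windows command-line parsing.

```python
import re

PLACEHOLDER = re.compile(r"%[1lL]")  # argument placeholders used in handler templates

# Constructed sample templates (hypothetical app, not real registry data).
HANDLERS = {
    "exampleapp-a": r'"C:\Program Files\ExampleApp\app.exe" --open %1',
    "exampleapp-b": r'"C:\Program Files\ExampleApp\app.exe" --open "%1"',
}

def unquoted_placeholders(template):
    """Return the placeholders in a command template that sit outside double quotes."""
    found, in_quotes, i = [], False, 0
    while i < len(template):
        if template[i] == '"':
            in_quotes = not in_quotes
        elif not in_quotes and PLACEHOLDER.match(template, i):
            found.append(template[i:i + 2])
            i += 1  # skip the second character of the placeholder
        i += 1
    return found

def audit(handlers):
    """Map each scheme to its unquoted placeholders, keeping only flagged schemes."""
    hits = {scheme: unquoted_placeholders(t) for scheme, t in handlers.items()}
    return {scheme: p for scheme, p in hits.items() if p}

def split_args(command_line):
    """Simplified splitter: whitespace separates arguments unless inside quotes."""
    args, cur, in_quotes, started = [], "", False, False
    for ch in command_line:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur, started = cur + ch, True
    if started:
        args.append(cur)
    return args

def launch_args(template, uri):
    """Arguments the handler process would receive for this URI value."""
    return split_args(template.replace("%1", uri))

if __name__ == "__main__":
    print("flagged:", audit(HANDLERS))
    uri = "exampleapp-a:item --extra value"  # constructed value containing spaces
    for scheme, template in HANDLERS.items():
        print(scheme, launch_args(template, uri))
```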