![]() The flaw affects Windows, macOS and Linux versions of the popular software. Gellin explained that such kind of attack is easy to detect and stop by ending the session, however, gellin highlighted that before the patch was deployed, that attacker could exploit the flaw to disable a host’s visual input and force the targeted computer’s screen go black, hiding any malicious operation on the target. “Once you’ve made the request to switch controls there are no additional check on the server-side before it grants you access.” “Once the code is injected into the process it’s programmed to modify the memory values within your own process that enables GUI elements that give you the options to switch control of the session,” Gellin told Threat Post. The attacker would have to inject the PoC code into their own process with a tool such as a DLL injector. “As the Client – Allows for control of mouse with disregard to servers current control settings and permissions.” Most useful so far to enable the “switch sides” feature which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides.” reads the description privided by Gellin on GitHub. ![]() “As the Server – Enables extra menu item options on the right side pop-up menu. The PoC was published onGitHub by a user named “gellin,” This flaw could be exploited to gain control of the presenter’s session or the viewer’s session without permission. This allows a user to “enable the ‘switch sides’ feature which is normally only active after the user has already authenticated control with the client, and initiated a change of control/sides.” The flaw was first reported by the Reddit user “xpl0yt” early this week, he also linked to a proof-of-concept injectable C++ dll that uses naked inline hooking and direct memory modification to change TeamViewer permissions. TeamViewer confirmed the existence of the vulnerability after its public disclosure and promptly issued a patch for Windows users on Tuesday. Remote support software company TeamViewer released a patch to address a vulnerability that allows users sharing a desktop session to gain control of the other’s computer without permission. TeamViewer released a patch to fix a vulnerability that allows users sharing a desktop session to gain control of the other’s computer without permission.
0 Comments
Leave a Reply. |