Headline
CVE-2021-35005: August Updates - Security Patches
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.
Hi all,
Today, we released some updates for TeamViewer 15 for Windows, Linux, and macOS.
We implemented the following fixes:
- CVE-2021-34858: Installations with existing TV recording files (TVS) were vulnerable to a problem in file parsing that could have allowed someone to execute arbitrary code and could have caused the binary to crash. User interaction as well as a third-party vulnerability would have been required for remote exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Kdot and the Trend Micro Zero Day Initiative for the responsible disclosure.
- CVE-2021-34859: In some circumstances, a problem in shared memory management could have caused the TeamViewer service to perform an out-of-bounds read. Access to the machine would have been required for exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Mat Powell and the Trend Micro Zero Day Initiative for the responsible disclosure.
- [Windows only]: TeamViewer is installed by default in the protected Program Files directory. If a user intentionally had chosen to install it in a different location, someone would have been able to leverage a privilege escalation problem. Access to the machine would have been required for exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Maciej Miszczyk for the responsible disclosure.
Please see our Change Logs and you will find the new version ready for download on our homepage:
TeamViewer 15: teamviewer.com/download
Edit: this vulnerability has already been patched on August 24th, 2021, with v15.21.2 but due to misunderstanding, did not make it to the initial release notes.
From a low-privileged user it is possible to modify shared memory and cause the TeamViewer service to perform an out-of-bounds read. The service then writes the data to the TeamViewer log file, where it can be read by the attacker.
In this way, an attacker can disclose memory from the service process. This may be useful to an attacker as part of a larger exploit, perhaps ultimately resulting in execution of arbitrary code within the TeamViewer service running as SYSTEM.
We don’t have any indication of exploitation in the wild. Our thanks go to Kharosx0 and the Trend Micro Zero Day Initiative for the responsible disclosure. This was tracked under CVE-2021-35005. This vulnerability has been patched with v15.21.2 on august 24th 2021.
All the best,
Esther
Related news
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.