TeamViewer has been found to feature a dangerous security vulnerability tracked in the CVE-2020-13699 advisory. It allows malicious users to exploit the installed running instances. At the moment the Windows version of the application is affected.
TeamViewer Windows Version Found To Be Vulnerable: Bug Tracked in the CVE-2020-13699 Advisory
The use of the TeamViewer application has risen during the COVID-19 pandemic around the world. For this reason remote accesss tools like it are likely to be the target of computer criminals trying to hack into individual computers or business networks. A security vulnerability was identified in the TeamViewer Windows application which is tracked in the CVE-2020-13699 advisory. This is an issue in the programming code of the program which allows hackers to abuse the way the application handles URI handlers – these are system addresses used to query elements.
The hackers can take advantage of the unpatched versions by creating specially-crafted sites — when they are clicked on the Windows client will be forced to run and open a SAMBA share. This is a network sharing feature of the operating system which allows for data to be made available over the network. The fault in the program’s programming code will interact with the Microsoft Windows operating system in order to authenticate the network share and allow the hackers to oversee remote code execution.
At the moment there are no reported cases of hackers abusing TeamViewer using these exploits. Also no public exploit code is available so potential hackers will not have the ability to implement it in their attacker frameworks. The TeamViewer has patched the vulnerability in version 15.8.3 of the Windows client. Affected versions are the Windows releases of TeamViewer from versions 8 to 15. The risk for home users is considered to be lower than business entities and government and business facilities.