There are over one billion devices with TeamViewer, software that allows users to conduct online meetings, desktop sharing, remote control, file transfer, etc.
So when there is a vulnerability in such a widely used program, it becomes a big thing.
Recently, a GitHub user going by the online handle of “Gellin” discovered a critical vulnerability in TeamViewer that allows an attacker or client to remotely take over a computer without the consent or knowledge of its owner.
According to the proof-of-concept (PoC) published on GitHub, it is “an injectable C++ dll, which uses naked inline hooking and direct memory modification to change your TeamViewer permissions.” That means the victim remains uninformed once TeamViewer permissions are modified.
Gellin tested the vulnerability on TeamViewer x86 Version and it transpired that it can be exploited to enable the “switch sides” feature, which an attacker can use to take control of the victim’s PC during the desktop session. By default, only a client can manually allow another user to access their device through TeamViewer; however, the vulnerability also grants user control over mouse and control settings and permissions.
“Exploited as a presenter you are able to turn on a ‘switch sides’ feature (that usually needs the client to agree to) and change controls and sides, controlling a viewer’s computer.