TeamViewer Insecure Directory Permissions Privilege Escalation

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that is affected by a
privilege escalation vulnerability.

Description :

According to its version number, the TeamViewer install on the remote
Windows host is affected by a privilege escalation vulnerability due
to insecure file system permissions that are granted during
installation.

When 'Remote Access' is enabled, it may be possible for an attacker to
execute arbitrary code with escalated privileges when an
administrative user launches the desktop application.

Note that this issue does not affect TeamViewer installed on Windows
XP or 2003.

See also :

http://www.teamviewer.com/en/download/changelog.aspx

Solution :

Upgrade to TeamViewer 6.0.10344 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 52716 ()

Bugtraq ID: 46797

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now