{"@attributes":{"version":"2.0"},"channel":{"title":"Exploit on theevilbit blog","link":"https:\/\/theevilbit.github.io\/tags\/exploit\/","description":"Recent content in Exploit on theevilbit blog","generator":"Hugo","language":"en","lastBuildDate":"Wed, 26 May 2021 00:00:00 +0000","item":{"title":"NOCVE - TeamViewer Local Privilege Escalation Vulnerability","link":"https:\/\/theevilbit.github.io\/posts\/teamviewer_lpe\/","pubDate":"Wed, 26 May 2021 00:00:00 +0000","guid":"https:\/\/theevilbit.github.io\/posts\/teamviewer_lpe\/","description":"<h2 id=\"intro\">\n  Intro\n  <a class=\"heading-link\" href=\"#intro\">\n    <i class=\"fa-solid fa-link\" aria-hidden=\"true\" title=\"Link to heading\"><\/i>\n    <span class=\"sr-only\">Link to heading<\/span>\n  <\/a>\n<\/h2>\n<p>This is a rather old vulnerability I found in TeamViewer back in 2020, and reported it through VCP\/iDefense. TeamViewer fixed the vulnerability last November, but somehow I missed it, and became aware of it only recently. Their advisory can be found here:\n<a href=\"https:\/\/community.teamviewer.com\/English\/discussion\/107710\/november-updates-security-patches\"  class=\"external-link\" target=\"_blank\" rel=\"noopener\">November updates - Security patches \u2014 TeamViewer Support<\/a><\/p>\n<p>The TeamViewer macOS client used a PrivilegedHelperTool named <code>com.teamviewer.Helper<\/code> to perform specific tasks that require <code>root<\/code>\npermissions. Back in 2020 it used a deprecate model to perform IPC communication, called Distributed Objects. It was wide open, and any client could invoke the remote object&rsquo;s functions, and some of those lead to direct privilege escalation.<\/p>"}}}