Quote:Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords.
 
TeamViewer is a proprietary software application used by businesses for remote-control functionalities, desktop sharing, online meetings, web conferencing and file transfer between computers. The recently discovered flaw stems from the Desktop for Windows app (CVE-2020-13699) not properly quoting its custom uniform resource identifier (URI) handlers.
 
Apps need to identify the URIs for the websites they will handle. But because handler applications can receive data from untrusted sources, the URI  values passed to the application may contain malicious data that attempts to exploit the app. In this specific case, values are not “quoted” by the app – meaning that TeamViewer will treat them as commands rather than as input values.
 
“An attacker could embed a malicious iframe in a website with a crafted URL (...) that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” according to an advisory by Jeffrey Hofmann, security engineer at Praetorian, who disclosed the flaw.