CVE-2019-11769

Name of the Vulnerable Software and Affected Versions TeamViewer version 14.2.2558

Description A local attacker can exploit an issue in the product to obtain administrative credentials and elevate privileges. This occurs because the product requires administrative credentials to be entered into the GUI when updating as a non-administrative user. These credentials are then processed in cleartext within the process memory of Teamviewer.exe, allowing any application running in the same non-administrative user context to intercept them. The vulnerability can be exploited by injecting code into Teamviewer.exe to intercept calls to GetWindowTextW and log the processed credentials.

Recommendations For TeamViewer version 14.2.2558, update the product to a newer version that addresses this issue. As a temporary workaround, consider running the update process in an administrative context to minimize the risk of credential interception. Restrict access to the Teamviewer.exe process to prevent code injection and minimize the risk of exploitation.