Lucene search
MitreCVELIST:CVE-2020-13699HistoryJul 29, 2020 - 3:36 p.m.
CVE-2020-13699
2020-07-2915:36:06
mitre
www.cve.org
1
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
Related
threatpost
threatpost
Windows 10 Drive-By RCE Triggered by Default URI Handler
2021-12-07 20:24:02
Windows 10 Drive-By RCE Triggered by Default URI Handler
2021-12-07 20:24:02
TeamViewer Flaw in Windows App Allows Password-Cracking
2020-08-10 15:56:13
nvd
nvd
CVE-2020-13699
2020-07-29 16:15:12
prion
prion
Cross site request forgery (csrf)
2020-07-29 16:15:00
thn
thn
TeamViewer Flaw Could Let Hackers Steal System Password Remotely
2020-08-10 12:06:00
trendmicroblog
trendmicroblog
metasploit
metasploit
TeamViewer Unquoted URI Handler SMB Redirect
2020-08-12 23:59:00
cve
cve
CVE-2020-13699
2020-07-29 16:15:12
openvas
openvas
TeamViewer Unqoted URI Handler Vulnerability (CVE 2020-13699) - Windows
2021-03-16 00:00:00
attackerkb
attackerkb
CVE-2020-13699
2020-07-29 00:00:00
ics
ics
VISAM VBASE Editor
2021-11-09 12:00:00