Security bulletin: CVE-2019-18196

Dear all,

It is our top priority to ensure the best possible security for the connectivity solutions our users trust in.

That’s why we encourage leading security researchers to search for and disclose to us potential vulnerabilities related to TeamViewer regardless of the root cause.

In this context, security firm SafeBreach approached us with an issue where a Microsoft Windows system DLL could load potentially untrusted DLLs from the application directory into the service process.

In order to take advantage of this, somebody would have needed to be already in the environment and have administrator privileges. Therefore, we do not consider the reported issue to be critical.

Nonetheless, we decided to implement appropriate measures into affected TeamViewer for Windows (only affected OS) versions 11,12,13, and 14 with today’s releases as Microsoft has stated in a blog post (Blog Post) that there is not going to be a short-term solution from their side.

We also referenced this under CVE-2019-18196.

Best,

Esther