Teamspeak 2: Windows client memory corruption

Users of Teamspeak 2 please be advised of a Windows client memory corruption vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

nSense-2010-002: [nSense-2010-002] Teamspeak 2 Windows client memory corruption
Affected Product: Teamspeak 2 version
Technical details

The specific flaw exists within the TeamSpeak.exe module
teardown procedure responsible for freeing dynamically
allocated application handles.

It is possible to corrupt this memory area by transmitting a
voice transmission packet (0xf2) to the server. All clients
receiving the voice transmission will have their memory
corrupted. The resulting memory corruption leads to a overflow
of values which are later used in a copy operation
(during teardown).

This can be leveraged to achieve remote code execution
within the context of the user running the application.Read more at