How does the POC exploit the permission vulnerability in TeamViewer?

The POC injects a DLL into the TeamViewer process, searches memory for permission-related pointers, and reassigns their values using an inline hook. Function A allows the server to reverse-control the client without authorization, while Function B lets the client unlock mouse and keyboard controls that the server had disabled. The detailed testing process is covered in the article.