Zoom : Security Vulnerabilities, CVEs, Published In June 2020
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.
Max CVSS
8.8
EPSS Score
0.25%
Published
2020-06-08
Updated
2022-05-12
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
Max CVSS
9.8
EPSS Score
0.77%
Published
2020-06-08
Updated
2022-05-12
2 vulnerabilities found