Zoom Patches Two Serious Vulnerabilities Found by Cisco Researchers

2020-06-04 09:03

Members of Cisco's Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user's system and possibly achieve arbitrary code execution.

CVE-2020-6109 is related to the way Zoom processes GIF image files.

According to Talos, the file would have a.gif extension but its content could be executable code or a script, which could aid the attacker in the exploitation of other vulnerabilities.

The attacker then sends the victim a code snippet via Zoom with the same file ID and the same details in the obj tag.

When Zoom sees that the file has already been downloaded, it will unzip the previously downloaded file to a location picked by the attacker - this can be nearly any folder.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/_50J2gJXm5E/zoom-patches-two-serious-vulnerabilities-found-cisco-researchers

#cisco #researcher #vulnerabilities #zoom #CVE-2020-6109

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-08	CVE-2020-6109	Path Traversal vulnerability in Zoom 4.6.10 An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. network low complexity zoom CWE-22	7.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4447	234	3132	1869	609	5844
Zoom		56	4	62	56	9	131

News URL

Related news

Related Vulnerability

Related vendor