Earlier this week a report was published on a remote code execution vulnerability in the Zoom Client for Windows. The bug was reported to the 0patch team by a researcher who wishes to keep their identity private.
Vulnerability Details
A vulnerability has been discovered in the Zoom Client that could allow arbitrary code execution. It affects every currently supported version of the Zoom Client for Windows and impacts users running Windows 7 or older. No CVE identifier has yet been assigned to this vulnerability.
Exploiting this vulnerability requires user interaction: the user must perform some typical actions for the exploit to work. According to the researcher, no security warning is shown to the user during the attack.
The detailed vulnerability report has not been disclosed, as it would allow attackers to exploit this vulnerability and attack Zoom client users.
However, a PoC video is available that shows how the exploit can be triggered by clicking the "start video" button in the Zoom Client:
PoC source: 0patch Blog
Affected Product and Platforms
Any currently supported version of the Zoom Client prior to 5.1.3 running on Windows 7 or older Windows systems.
Remediation
Zoom has released a patch for its Windows client to address the zero-day described by ARCOS Security. The update can be downloaded from the Zoom client download page. The patched version is Zoom for Windows v5.1.3.
Detection
Qualys customers can scan their network with QID 373121 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of these vulnerabilities.
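As an added example (not code from the advisory, 0patch, Zoom or Qualys), the following PowerShell check flags a host that matches the affected combination the advisory describes, a Zoom Client older than 5.1.3 on Windows 7 or older; the Zoom install paths it looks in are assumptions.

```powershell
# Added example: local exposure check for the conditions named in this advisory.
# Assumed Zoom install locations (per-user under APPDATA, or machine-wide under Program Files).
function Get-ZoomVersion {
    $roots = @($env:APPDATA, ${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }
    foreach ($root in $roots) {
        $path = Join-Path $root 'Zoom\bin\Zoom.exe'
        if (Test-Path $path) {
            # ProductVersion may carry a build suffix (e.g. "5.1.2 (28642.0705)"); keep the numeric prefix.
            $raw = (Get-Item $path).VersionInfo.ProductVersion
            if ($raw -match '^\s*(\d+\.\d+\.\d+)') { return [version]$Matches[1] }
        }
    }
    return $null
}

function Test-ZoomRceExposure {
    $zoom = Get-ZoomVersion
    if (-not $zoom) {
        Write-Output 'Zoom not found in the checked locations.'
        return $false
    }

    # Windows 7 reports NT 6.1. Newer systems report 6.2 or higher (even unmanifested
    # processes on Windows 8.1/10 see at least 6.2), so "below 6.2" means Windows 7 or older.
    $os         = [System.Environment]::OSVersion.Version
    $oldWindows = $os -lt [version]'6.2'
    $oldZoom    = $zoom -lt [version]'5.1.3'

    Write-Output ("Zoom {0} on Windows NT {1}" -f $zoom, $os)
    if ($oldZoom -and $oldWindows) {
        Write-Output 'AFFECTED: update Zoom for Windows to 5.1.3 or later.'
        return $true
    }
    Write-Output 'Not affected by the combination described in this advisory.'
    return $false
}

Test-ZoomRceExposure
```

The script only inspects the installed binary and the OS version; it does not reproduce or trigger the bug, so it is safe to run across a fleet as a quick inventory before the Zoom update is rolled out.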
References and Sources
https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html
https://www.zdnet.com/article/zoom-working-on-patching-zero-day-disclosed-in-its-windows-client/