Improper Input Validation vulnerability in Zoom Windows Apps (CVE-2024-24691)

Zoom addressed a vulnerability that impacts the Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Tracked as CVE-2024-24691, the vulnerability is rated critical, with a CVSS score of 9.6. It may allow an unauthenticated user to escalate privileges via network access.

Zoom Releases Security Updates to Address Multiple Vulnerabilities in Zoom Clients for Meetings (CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, CVE-2022-22787)

Zoom has patched four security flaws that could allow an attacker to compromise another user through chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and running malicious code. The vulnerabilities are tracked as CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, and CVE-2022-22787. They were disclosed by Ivan Fratric of Google’s Project Zero team in February 2022. …

Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)

Update June 5, 2020: Qualys’ standard procedure is to give proper credit to the security research teams working diligently to discover and report vulnerabilities. In our rush to deliver this article to customers, we missed giving credit to the talented Cisco Talos team, who are the original authors of this research. After additional review with a …

Zoom client for Windows UNC path injection vulnerability

Summary: A critical ‘UNC path injection’ vulnerability was observed in the Zoom client for Windows at a time when work from home and online education conferences are the new normal. It allows remote attackers to steal login credentials for victims’ Windows systems. Description: A critical zero-day vulnerability in the Zoom video conferencing app. This vulnerability was found in the Windows client of …