The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HZoom Virtual Desktop Infrastructure
APPZoom< 5.10.7Zoom
APPZoom< 5.11.0
Powiązane podatności
Privilege escalation w Zoom Desktop Client, VDI Client i Meeting SDK dla Windows
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15...
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user t...
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an...
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, an...