An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZoom
APPZoom4.6.10
Related vulnerabilities
Privilege escalation w Zoom Desktop Client, VDI Client i Meeting SDK dla Windows
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user t...
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15...
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an...
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptib...