The target must have previously accepted a Connection Request from the malicious user or be in a multi-user chat with the malicious user for this attack to succeed. This finding was reported to Zoom as a part of Pwn2Own Vancouver.

Description: A heap-based buffer overflow exists in all desktop versions of the Zoom Client for Meetings before version 5. This could lead to remote code execution in an elevated privileged context. This would allow an attacker to overwrite files that a limited user would otherwise be unable to modify. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.

Description: A user-writable directory created during the installation of the Zoom Client for Meetings for Windows version prior to version 5. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.

Description: A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

Description: During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.

Description: The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.

Description: The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4. This could lead to remote command injection by a web portal administrator.

Then double-click on the file you want to convert. Go to C:\Users\UserName\AppData\Roaming\Zoom\bin and double-click on the zTscoder executable file.
If Zoom initially fails to convert your meeting recordings, you can force the conversion process with the help of the zTscoder file. If the problem persists, obtain this file from C:\Users\username\AppData\Roaming\Zoom, then open a ticket with the Zoom inquiry service.

Solution: Manually download and install the Zoom client installer. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from Affected Products: All Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version Jun 06,.