Vulnerabilities for 'ZOOM'

2021-03-18
CVE-2021-28133
CWE-200

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

2020-06-08
CVE-2020-6110
CWE-22

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.

2020-06-08
CVE-2020-6109
CWE-22

An exploitable path traversal vulnerability exists in the way the Zoom client, version 4.6.10, processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.

2019-07-09
CVE-2019-13450
CWE-284

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.

2018-11-30
CVE-2018-15715
CWE-20

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.


Vendor: ZOOM (29 products)
Model 5560 x3 ethernet adsl modem
Zoom cloud meetings
ZOOM
Client
Meetings
Sharing service
Call recording
Zoom client for meetings
Zoom on-premise meeting connector controller
Zoom on-premise meeting connector mmr
Zoom on-premise recording connector
Zoom on-premise virtual room connector
Zoom on-premise virtual room connector load balancer
Meetings for chrome os
Virtual desktop infrastructure
Android meeting sdk
Iphone os meeting sdk
Macos meeting sdk
Windows meeting sdk
Android video sdk
Iphone os video sdk
Macos video sdk
Windows video sdk
Hybrid mmr
Hybrid zproxy
Vdi azure virtual desktop
Vdi citrix
Vdi vmware
Vdi windows meeting client


Copyright 2022, cxsecurity.com