Zero day Zoom Vulnerability

A critical zero-day vulnerability has been found in Zoom – A video conferencing software, for Windows 7 or below. The vulnerability allows an attacker to execute remote code on the victim’s system without triggering any security warning. To successfully exploit this vulnerability, the attacker tricks a victim to perform operations like opening a crafted document.

 

Vulnerability Details:

An anonymous researcher found this zero-day vulnerability and shared it with Acros Security, who then reported to Zoom with several attack scenarios, a working proof of concept, and fix recommendations.

The flaw is present in all the supported versions of  Zoom client for Windows but it can only be exploited in systems running Windows 7 or older Windows due to some system-specific configurations. Though Microsoft has ended official support for Windows 7, still millions of systems are running Windows 7.

0patch in their blog post stated that “this vulnerability is only exploitable on Windows 7 and earlier Windows versions. It is likely also exploitable on Windows Server 2008 R2 and earlier though we didn’t test that

Impact:

The vulnerability allows a remote attacker to execute arbitrary code on the affected system.

 

Affected Application:

Zoom 5.1.2 and below for Windows

 

We are closely monitoring the issue and will update the security checks in SanerNow once the CVE details and vendor patches become available.

Subscribe For Latest Updates

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
Summary
Article Name
Zoom Zero-Day Critical Vulnerability Allows RCE
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *