vulnerability

Zoom: CVE-2020-6110: Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jun 3, 2020	Jun 4, 2020	Jun 15, 2020

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jun 3, 2020

Added

Jun 4, 2020

Modified

Jun 15, 2020

Description

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.

Solution

zoom-windows-upgrade-4_6_12_20613_0421

References

CVE-2020-6110
https://attackerkb.com/topics/CVE-2020-6110
URL-https://talosintelligence.com/vulnerability_reports/TALOS-2020-1056

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today