vulnerability

Zoom: CVE-2020-9767: DLL Loading Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Aug 14, 2020	Dec 8, 2020	Dec 8, 2020

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 14, 2020

Added

Dec 8, 2020

Modified

Dec 8, 2020

Description

A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release.

Solution

zoom-windows-upgrade-5_0_4

References

CVE-2020-9767
https://attackerkb.com/topics/CVE-2020-9767
URL-https://support.zoom.us/hc/en-us/articles/360044350792-Security-CVE-2020-9767

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today