A member of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines. Video conferencing software has skyrocketed in popularity during the COVID-19 pandemic as individuals across the globe are encouraged to work from home and avoid close face-to-face contact with friends and family.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Zoom to ensure thatthese issues are resolved. TALOS-2020-1056 was fixed in May. Zoom fixed TALOS-2020-1055 server-side in a separate update, though Cisco Talos believes it still requires a fix on the client-side to completely resolve the security risk.
Vulnerability details
Zoom client application chat Giphy arbitrary file write (TALOS-2020-1055/CVE-2020-6109)
An exploitable path traversal vulnerability exists in the Zoom Client version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write which could potentially be further abused to achieve arbitrary code execution. In order to trigger this vulnerability, an attacker needs to send a specially crafted message to a target user or a group.
Only Giphy servers were originally supposed to be used for this feature in Zoom. However, the content from an arbitrary server would be loaded in this case, which could be abused to further leak information or abuse other vulnerabilities.
Read the complete vulnerability advisory vulnerability spotlight vulnerabilities could execution
