Members of Cisco’s Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user’s system and possibly achieve arbitrary code execution.
The vulnerabilities, tracked as CVE-2020-6109 and CVE-2020-6110 and both rated high severity, have been described as path traversal issues that could ultimately lead to arbitrary code execution. One impacts Zoom 4.6.10, 4.6.11 and likely earlier versions, and one of them only affects 4.6.10 and earlier. Newer versions of the video conferencing app patch the flaws.
CVE-2020-6109 is related to the way Zoom processes GIF image files. The vulnerability allows an attacker to send a specially crafted message to a user or group and it would result in a file being written to any directory to which the current user can write files.
According to Talos, the file would have a .gif extension but its content could be executable code or a script, which could aid the attacker in the exploitation of other vulnerabilities.
Exploitation of CVE-2020-6110 also involves sending a specially crafted message to a user or a group. Successful exploitation can result in a self-extracting ZIP file being written to certain folders, which could be useful for exploiting other flaws. However, Talos noted in its advisory, that an attacker can also achieve code execution, but this requires some user interaction.
In an attack scenario described by the company, the attacker sends a malicious ZIP file to the target with a name and extension that is unlikely to raise suspicion (e.g. interesting_image.jpeg). The user downloads the file, but they will not be able to open ..
Support the originator by clicking the read the rest link below.
