Zoom zero-day flaw allows code execution on victim's Windows machine - Help Net Security

Zoom zero-day flaw allows code execution on victim's Windows machine - Help Net Security

A zero-day vulnerability in Zoom for Windows may be exploited by an attacker to execute arbitrary code on a victim’s computer. The attack doesn’t trigger a security warning and can be pulled off by getting the victim to perform a typical action such as opening a received document file.



Acros Security, the creators of 0patch, have pushed out a micropatch that will close the security hole until Zoom Video Communications delivers a fix.


About the vulnerability


The vulnerability was discovered by an unnamed researcher and reported to Acros Security, who reported it to Zoom earlier today.


Is is present in all supported versions of the Zoom client for Windows, and the 0patch team created a micropatch for all (starting with v5.0.3 and all up to the latest one – v5.1.2).


..

Support the originator by clicking the read the rest link below.