10 July 2020

RCE-bug found in Zoom client for Windows



Zoom, the company behind the popular videoconferencing software, is working on a patch for a serious vulnerability in its Zoom client for Windows.

Reported by ACROS Security, the issue is a remote code execution flaw that allows an adversary to execute code by tricking a victim into performing a typical action, such as opening a document file, with no warning shown to the user.

According to the 0patch team, the flaw has several mitigating factors. Firstly, it is only exploitable on systems running Windows 7 and older versions of the operating system that are no longer supported by Microsoft. Secondly, the attack requires user interaction.

Zoom has confirmed the vulnerability in a statement.

“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” the company said.
