CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-15715
https://notcve.org/view.php?id=CVE-2018-15715
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. Los clientes de Zoom en Windows (antes de la versión 4.1.34814.1119), Mac OS (antes de la versión 4.1.34801.1116) y Linux (2.4.129780.0915 y anteriores) son vulnerables al procesamiento no autorizado de imágenes. Un atacante remoto no autenticado puede suplantar los mensajes UDP de un asistente a la reunión o de un servidor de Zoom para invocar funcionalidades en el cliente objetivo. • https://www.tenable.com/security/research/tra-2018-40 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 4CVE-2017-15049 – Zoom Linux Client 2.0.106600.0904 - Command Injection
https://notcve.org/view.php?id=CVE-2017-15049
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. El binario ZoomLauncher en el cliente Zoom para Linux en versiones anteriores a la 2.0.115900.1201 no sanea adecuadamente las entradas de usuarios al construir un comando shell, lo que permite que los atacantes remotos ejecuten código arbitrario aprovechando el controlador de esquemas zoommtg://. The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected. • https://www.exploit-db.com/exploits/43354 http://packetstormsecurity.com/files/145453/Zoom-Linux-Client-2.0.106600.0904-Command-Injection.html http://seclists.org/fulldisclosure/2017/Dec/47 https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-003.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 3CVE-2017-15048 – Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-15048
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. Desbordamiento de búfer basado en pila en el binario ZoomLauncher del cliente Zoom para Linux en versiones anteriores a la 2.0.115900.1201 permite que atacantes remotos ejecuten código arbitrario aprovechando el controlador de esquemas zoommtg://. The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. • https://www.exploit-db.com/exploits/43355 http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html http://seclists.org/fulldisclosure/2017/Dec/46 https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •