CVE-2020-9767
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release.
Una vulnerabilidad relacionada con la Carga de una Biblioteca de Enlace Dinámico ("DLL") en el servicio Zoom Sharing podría permitir a un atacante que tuviera acceso local a una máquina en la que se estaba ejecutando el servicio con privilegios elevados elevar sus privilegios system, así como también mediante el uso de una DLL maliciosa. Zoom corrigió este problema, que solo se aplica a los usuarios de Windows, en la versión del cliente 5.0.4.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-02 CVE Reserved
- 2020-08-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-12 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/shubham0d/Zoom-dll-hijacking | 2024-08-12 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.zoom.us/hc/en-us/articles/360044350792-Security-CVE-2020-9767 | 2020-08-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zoom Search vendor "Zoom" | Sharing Service Search vendor "Zoom" for product "Sharing Service" | 5.0.4 Search vendor "Zoom" for product "Sharing Service" and version "5.0.4" | windows |
Affected
| ||||||