Zoom client application chat Giphy arbitrary file write [CVE-2020-6109]

June 4, 2020 Duncan 3268 Views 0 Comments Arbitrary File Write Vulnerability, CVE-2020-6109, Zoom 0 min read

CVE number – CVE-2020-6109

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.

Vendor confirmed issue patched on 2020-04-21

Tested Versions

Zoom Client Application 4.6.10

CREDIT

Discovered by a member of Cisco Talos.

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Zoom client application chat Giphy arbitrary file write [CVE-2020-6109]

Tested Versions

CREDIT

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply

Tested Versions

CREDIT

Share this:

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply