Test ID:	1.3.6.1.4.1.25623.1.0.117736
Category:	General
Title:	Zoom Client < 4.6.12 Multiple Vulnerabilities (Jun 2020)
Summary:	The Zoom Client is prone to multiple vulnerabilities.
Description:	Summary: The Zoom Client is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: CVE-2020-6109: Zoom client application chat Giphy arbitrary file write An exploitable path traversal vulnerability exists in the Zoom client while processing messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. CVE-2020-6110: Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability An exploitable partial path traversal vulnerability exists in the way Zoom Client processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. Affected Software/OS: Zoom Client versions prior to 4.6.12. Solution: Update to version 4.6.12 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-6109 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055 Common Vulnerability Exposure (CVE) ID: CVE-2020-6110 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1056
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.