CVE-2019-13450

Name of the Vulnerable Software and Affected Versions Zoom Client versions prior to 4.4.4 RingCentral version 7.0.136380.0312

Description The issue allows remote attackers to force a user to join a video call with the video camera active. This is possible because any website can interact with the Zoom web server on localhost port 19421 or 19424. A machine remains vulnerable even if the Zoom Client was installed and then uninstalled.

Recommendations For Zoom Client versions prior to 4.4.4, to block exploitation, set the ZDisableVideo preference and/or kill the web server, delete the ~/.zoomus directory, and create a ~/.zoomus plain file. For RingCentral version 7.0.136380.0312, at the moment, there is no information about a newer version that contains a fix for this vulnerability.