Vng · Zalo Desktop · CVE-2020-16087
**Name of the Vulnerable Software and Affected Versions**
VNG Zalo Desktop version 19.8.1.0
**Description**
An issue was discovered in Zalo.exe that allows an attacker to run arbitrary commands on a remote Windows machine running the Zalo client. This can be achieved by sending the user of the device a crafted file.
**Recommendations**
For version 19.8.1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.