PT-2020-12611 · Zoom · Zoom

Published 2020-05-04 · Updated 2021-07-21 · CVE-2020-11443

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Zoom versions prior to 4.6.10

Description

The issue concerns the Zoom IT installer for Windows, which can delete files located in %APPDATA%\Zoom before installing an updated version of the client. Since standard users can write to this directory and create links to other directories on the machine, a user can cause the installer to delete files that the user otherwise cannot delete. This is possible because the installer runs with SYSTEM privileges and follows these links.

Recommendations

For versions prior to 4.6.10, update to version 4.6.10 or later to resolve the issue. As a temporary workaround, consider restricting write access to the %APPDATA%\Zoom directory to prevent users from creating malicious links.
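The following check is an added example, not code from Zoom or from this advisory: it audits a directory such as %APPDATA%\Zoom for links before a privileged process touches it, reporting each link and its target without following any of them. The function names are hypothetical, and the sketch assumes that every Windows reparse point (junctions included) should be treated as a link.

```python
import os
import stat

def is_link_like(path):
    """True for symlinks and, on Windows, any reparse point (junctions included)."""
    try:
        st = os.lstat(path)  # lstat inspects the entry itself, never its target
    except OSError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def link_target(path):
    try:
        return os.readlink(path)
    except OSError:
        return "<unreadable>"

def find_links(root):
    """Return sorted (path, target) pairs for links at or below root.

    Links are reported but never descended into, so the audit itself cannot
    be redirected outside the directory it was asked to inspect.
    """
    if is_link_like(root):
        return [(root, link_target(root))]
    found, stack = [], [root]
    while stack:
        current = stack.pop()
        try:
            with os.scandir(current) as entries:
                children = list(entries)
        except OSError:
            continue  # unreadable or vanished directory: skip
        for entry in children:
            if is_link_like(entry.path):
                found.append((entry.path, link_target(entry.path)))
            elif entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
    return sorted(found)

if __name__ == "__main__":
    # Assumption: audit the current user's Zoom directory named in the advisory.
    zoom_dir = os.path.join(os.environ.get("APPDATA", "."), "Zoom")
    for path, target in find_links(zoom_dir):
        print(f"link: {path} -> {target}")
```

A non-empty result on a host still running a version prior to 4.6.10 is worth reviewing before the installer runs; the check is a point-in-time audit and does not replace the update.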

Fix

Link Following

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2020-11443

Affected Products

Zoom