PT-2020-3652 · Zoom · Zoom

Published: 2020-06-08 · Updated: 2022-05-12 · CVE-2020-6109
CVSS v3.1: 9.8 Critical · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoom client version 4.6.10
Description: An exploitable path traversal vulnerability exists in the Zoom client, in the code path that processes chat messages containing animated GIFs. A specially crafted chat message can cause a file to be written to an attacker-chosen location outside the directory the client intends to use, which can potentially be turned into arbitrary code execution. To exploit this vulnerability an attacker only needs to send the specially crafted message to a target user or to a group the target belongs to; the target does not need to interact with the message (UI:N in the vector above).
Recommendations: Users of Zoom client version 4.6.10 should update to a version that includes the fix. Where updating is not immediately possible, restricting animated GIFs in chat reduces exposure, and chat messages from untrusted senders or groups should be treated as a potential attack vector until the client has been updated.
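The weakness described above is a file write whose path is built from a sender-controlled name. The following added example (written for this page; it is not Zoom's code, and the message fields, cache directory layout and sample messages are constructed assumptions) shows the unsafe join-and-write pattern next to a hardened handler that allow-lists the attachment name, checks the payload really is a GIF, and confirms the resolved path still lies under the cache directory before writing.

```python
import os
import re
import tempfile

# Constructed sample: two chat messages carrying an animated GIF attachment.
# The sender controls the "filename" field; the payload is a minimal GIF
# header so the file is recognisable on disk. Field names are assumptions,
# not Zoom's real message format.
GIF_HEADER = b"GIF89a"
SAMPLE_MESSAGES = [
    {"sender": "alice", "filename": "cat.gif", "data": GIF_HEADER + b"\x00" * 8},
    {"sender": "mallory",
     "filename": "../../outside/startup.gif",   # traversal attempt
     "data": GIF_HEADER + b"\x00" * 8},
]

# Allow-list for attachment names: plain stem, .gif extension, no separators.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.gif$")


def save_gif_vulnerable(cache_dir, message):
    """Unsafe pattern: the sender-supplied name is joined onto the cache
    directory as-is, so '..' segments walk out of it."""
    target = os.path.join(cache_dir, message["filename"])
    os.makedirs(os.path.dirname(target), exist_ok=True)  # creates the escaped dir too
    with open(target, "wb") as fh:
        fh.write(message["data"])
    return os.path.realpath(target)


def save_gif_hardened(cache_dir, message):
    """Hardened version: allow-list the name, check the payload type, then
    confirm the resolved path is still inside the cache directory."""
    name = message["filename"]
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected attachment name {name!r}")
    if not message["data"].startswith((b"GIF87a", b"GIF89a")):
        raise ValueError("attachment is not a GIF")
    base = os.path.realpath(cache_dir)
    target = os.path.realpath(os.path.join(base, name))
    # Defence in depth: even if the allow-list were loosened later, refuse
    # any result that does not sit under the cache directory.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("attachment path escapes cache directory")
    os.makedirs(base, exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(message["data"])
    return target


def escapes_cache(cache_dir, written_path):
    """True if a path that was actually written lies outside cache_dir."""
    base = os.path.realpath(cache_dir)
    return os.path.commonpath([base, os.path.realpath(written_path)]) != base


def demo():
    """Run both handlers over the sample messages in a scratch directory
    tree and report, per handler and sender, what happened."""
    root = tempfile.mkdtemp()
    cache = os.path.join(root, "zoom", "data", "gifcache")
    os.makedirs(cache)
    results = {}
    for m in SAMPLE_MESSAGES:
        written = save_gif_vulnerable(cache, m)
        results[("vulnerable", m["sender"])] = escapes_cache(cache, written)
        try:
            save_gif_hardened(cache, m)
            results[("hardened", m["sender"])] = "written"
        except ValueError:
            results[("hardened", m["sender"])] = "rejected"
    return results


if __name__ == "__main__":
    for key, outcome in sorted(demo().items()):
        print(key, outcome)
```

In the vulnerable handler mallory's message lands two directories above the cache, which on a real client could be a location the operating system or the client itself executes from. The hardened handler rejects that name at the allow-list, and the `commonpath` check would still catch it if a later change let separators through; the `realpath` call also neutralises symlinks placed inside the cache directory.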

Tags: Exploit · Fix · Path traversal


Weakness Enumeration

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Identifiers

BDU:2020-04000
CVE-2020-6109

Affected Products

Zoom