PT-2020-3655 · Zoom · Zoom Client

Published 2020-06-08 · Updated 2022-05-12 · CVE-2020-6110

CVSS v3.1 8.8 High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoom Client version 4.6.10

Description

An exploitable partial path traversal issue exists in the way Zoom Client processes messages that include shared code snippets. A specially crafted chat message can cause arbitrary binary planting, which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this issue. For the most severe effect, target user interaction is required.

Recommendations

For Zoom Client version 4.6.10, consider disabling the shared code snippets feature until a patch is available. Restrict access to chat messages that include shared code snippets to minimize the risk of exploitation. Avoid using shared code snippets in chat messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-04003
CVE-2020-6110

Affected Products

Zoom Client
Zoom