PT-2021-20520 · Zoom · Zoom Plugin For Microsoft Outlook

Published

2021-09-27

Updated

2021-10-07

CVE-2021-34413

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoom Plugin for Microsoft Outlook for MacOS versions prior to 5.3.52553.0918

Description: The issue is related to a Time-of-check Time-of-use (TOC/TOU) vulnerability that occurs during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

Recommendations: For versions prior to 5.3.52553.0918, update to version 5.3.52553.0918 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin directory to minimize the risk of exploitation.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2021-34413

Affected Products

Zoom Plugin For Microsoft Outlook

PT-2021-20520 · Zoom · Zoom Plugin For Microsoft Outlook

CVE-2021-34413

Weakness Enumeration

Related Identifiers

Affected Products

References · 6