PT-2024-2687 · Zoom · Zoom VDI Client for Windows +2

Shmoul · Published 2024-02-13 · Updated 2024-10-04 · CVE-2024-24696

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zoom Desktop Client for Windows (affected versions not specified)
Zoom VDI Client for Windows (affected versions not specified)
Zoom Meeting SDK for Windows (affected versions not specified)

Description

The issue is related to improper input validation in Zoom software for Windows, which may allow an authenticated user to disclose information via network access. This can be exploited by a remote attacker to reveal protected information.

Recommendations

For Zoom Desktop Client for Windows, consider restricting network access until a fix is available.
For Zoom VDI Client for Windows, avoid using the software for sensitive information exchange until the issue is resolved.
For Zoom Meeting SDK for Windows, as a temporary workaround, consider disabling the chat functionality to minimize the risk of information disclosure.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-02797
CVE-2024-24696

Affected Products

Zoom Desktop Client for Windows
Zoom Meeting SDK for Windows
Zoom VDI Client for Windows