CRITICAL 9.8
CVE-2020-6109
EN An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| zoom | zoom | Android | — | cpe:2.3:a:zoom:zoom:4.6.10:*:*:*:*:*:*:* |
| zoom | zoom | iOS | — | cpe:2.3:a:zoom:zoom:4.6.10:*:*:*:*:*:*:* |