HIGH 8.8
CVE-2020-6110
EN An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| zoom | zoom | Android | — | cpe:2.3:a:zoom:zoom:4.6.10:*:*:*:*:*:*:* |
| zoom | zoom | iOS | — | cpe:2.3:a:zoom:zoom:4.6.10:*:*:*:*:*:*:* |