Zoom Client < 4.6.10 Windows Installer Vulnerability (ZSB-20001) - Windows

Information

Severity

High

Family

General

CVSSv2 Base

8.5

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:C/A:C

Solution Type

Vendor Patch

Created

2 years ago

Modified

2 years ago

Summary

Zoom Client is prone to a vulnerability in the Windows installer.

Insight

A vulnerability in how the Zoom Windows installer handles junctions when deleting files could allow a local Windows user to delete files otherwise not deletable by the user. The vulnerability is due to insufficient checking for junctions in the directory from which the installer deletes files, which is writable by standard users. A malicious local user could exploit this vulnerability by creating a junction in the affected directory that points to protected system files or other files to which the user does not have permissions. Upon running the Zoom Windows installer with elevated permissions, as is the case when it is run through managed deployment software, those files would get deleted from the system.
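
The missing check described above, sketched as an added example (not Zoom's installer code and not part of this scanner plugin): a cleanup routine that refuses to traverse or delete through symlinks and Windows reparse points such as junctions. The names `is_link_like`, `safe_purge` and `demo`, and the directory layout, are constructed for illustration.

```python
import os
import stat
import tempfile


def is_link_like(entry):
    """True for symlinks and, on Windows, any reparse point (junctions included)."""
    if entry.is_symlink():
        return True
    # st_file_attributes exists only on Windows; elsewhere this evaluates to 0.
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def safe_purge(root):
    """Delete regular files under root, never through links; return (deleted, skipped)."""
    deleted, skipped = [], []
    with os.scandir(root) as it:
        entries = list(it)
    for entry in entries:
        if is_link_like(entry):
            skipped.append(entry.path)  # report it, never traverse it
        elif entry.is_dir(follow_symlinks=False):
            sub_deleted, sub_skipped = safe_purge(entry.path)
            deleted += sub_deleted
            skipped += sub_skipped
        else:
            os.remove(entry.path)
            deleted.append(entry.path)
    return deleted, skipped


def demo():
    """Constructed layout: a cleanup directory containing a link to a protected one."""
    with tempfile.TemporaryDirectory() as base:
        protected = os.path.join(base, "protected")
        cleanup = os.path.join(base, "cleanup")
        os.makedirs(protected)
        os.makedirs(os.path.join(cleanup, "sub"))
        target = os.path.join(protected, "important.cfg")
        stale = [os.path.join(cleanup, "old.tmp"), os.path.join(cleanup, "sub", "old2.tmp")]
        for path in [target] + stale:
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        # A symlink stands in for the junction so the demo also runs off Windows.
        os.symlink(protected, os.path.join(cleanup, "link"), target_is_directory=True)
        deleted, skipped = safe_purge(cleanup)
        names = sorted(os.path.basename(p) for p in deleted)
        return names, [os.path.basename(p) for p in skipped], os.path.exists(target)
```

A check followed by a delete still leaves a race window between the two calls, so the cleanup directory should also not be writable by standard users when the routine runs elevated.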

Affected Software

Zoom Client versions prior to 4.6.10 on Windows.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Update to version 4.6.10 or later.

Common Vulnerabilities and Exposures (CVE)