7.5
CVSSv2

CVE-2018-15715

Published: 30/11/2018 Updated: 04/02/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the malicious user to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Vulnerability Trend

Affected Products

Vendor Product Versions
ZoomZoom2.4.129780.0915

Github Repositories

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Critical Zoom Flaw Lets Hackers Hijack Conference Meetings
Threatpost • Lindsey O'Donnell • 29 Nov 2018

A serious vulnerability in Zoom’s desktop conferencing application could allow a remote attacker to hijack screen controls and kick attendees out of meetings.
Researchers at Tenable who on Thursday released a proof of concept exploit for the unauthorized command execution flaw said that bug exists in Zoom’s event messaging pump. The vulnerability, CVE-2018-15715, is “critical” in severity and has a CVSS 3.0 score of 9.9.
“This vulnerability could be exploited in a few scena...