Zoom clients for Windows, MacOS and Linux security bypass
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.
Zoom clients for Windows, MacOS and Linux could allow a remote attacker to bypass security restrictions, caused by improper message validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to remove attendees from meetings, spoof messages from users, or hijack shared screens.
A serious vulnerability in Zoom’s desktop conferencing application could allow a remote attacker to hijack screen controls and kick attendees out of meetings.
Researchers at Tenable, who on Thursday released a proof-of-concept exploit for the unauthorized command execution flaw, said the bug exists in Zoom’s event messaging pump. The vulnerability, CVE-2018-15715, is “critical” in severity and has a CVSS 3.0 score of 9.9.
“This vulnerability could be exploited in a few scena...