Published: 08/06/2020 Updated: 12/05/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoom zoom 4.6.10

Update Firefox: Mozilla just patched three hijack-me holes and a bunch of other flaws

The Register • Shaun Nichols in San Francisco • 04 Jun 2020

Plus: Zoom fixes code-execution security bugs Prepare to have your shonky password hygiene shamed by Firefox 76

Mozilla has emitted security updates for Firefox to address eight CVE-listed security flaws, five of them considered to be high-risk vulnerabilities. The patches, present in Firefox 77, should be downloaded and installed automatically for most users, so if you haven't closed out and relaunched your browser in a while, now might be a good time. Of the five high-risk flaws, three are confirmed to allow arbitrary code execution, which in the case of a web browser means that simply loading up a mali...

CVE-2020-6109

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect