Published: 08/06/2020 Updated: 12/05/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoom zoom 4.6.10

Update Firefox: Mozilla just patched three hijack-me holes and a bunch of other flaws

The Register • Shaun Nichols in San Francisco • 04 Jun 2020

Plus: Zoom fixes code-execution security bugs Prepare to have your shonky password hygiene shamed by Firefox 76

Mozilla has emitted security updates for Firefox to address eight CVE-listed security flaws, five of them considered to be high-risk vulnerabilities. The patches, present in Firefox 77, should be downloaded and installed automatically for most users, so if you haven't closed out and relaunched your browser in a while, now might be a good time. Of the five high-risk flaws, three are confirmed to allow arbitrary code execution, which in the case of a web browser means that simply loading up a mali...

CVE-2020-6110

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect