Zoom Patches Two Serious Vulnerabilities Found by Cisco Researchers

Members of Cisco’s Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user’s system and possibly achieve arbitrary code execution.

The vulnerabilities, tracked as CVE-2020-6109 and CVE-2020-6110 and both rated high severity, have been described as path traversal issues that could ultimately lead to arbitrary code execution. One impacts Zoom 4.6.10, 4.6.11 and likely earlier versions, and the other only affects 4.6.10 and earlier. Newer versions of the video conferencing app patch the flaws.

CVE-2020-6109 is related to the way Zoom processes GIF image files. The vulnerability allows an attacker to send a specially crafted message to a user or group, resulting in a file being written to any directory to which the current user can write.

According to Talos, the file would have a .gif extension but its content could be executable code or a script, which could aid the attacker in the exploitation of other vulnerabilities.

Exploitation of CVE-2020-6110 also involves sending a specially crafted message to a user or a group. Successful exploitation can result in a self-extracting ZIP file being written to certain folders, which could be useful for exploiting other flaws. However, Talos noted in its advisory that an attacker can also achieve code execution, although this requires some user interaction.

In an attack scenario described by the company, the attacker sends a malicious ZIP file to the target with a name and extension that is unlikely to raise suspicion (e.g. interesting_image.jpeg). The user downloads the file, but they will not be able to open it directly because it is not a real image and it does not have an archive extension that would let an archiving tool open it.

The attacker then sends the victim a code snippet via Zoom with the same file ID and the same details in the obj tag. When Zoom sees that the file has already been downloaded, it will unzip the previously downloaded file to a location picked by the attacker — this can be nearly any folder. If an attacker uses this technique to overwrite files that are at some point executed by the system, they will achieve execution of their own code.
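Both flaws come down to a client trusting a peer-supplied name and extension when it writes a received file. The following Python sketch is an added example, not Zoom's patch or Talos's code: it confines the write to the download directory and rejects content whose leading bytes do not match the claimed image type. The function names, the allowed extensions and the sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes for the image types this hypothetical client accepts.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

class RejectedFile(Exception):
    """A received file failed validation and was not written."""

def resolve_inside(base_dir, peer_name):
    """Return a path for peer_name that is guaranteed to stay under base_dir."""
    base = os.path.realpath(base_dir)
    # Treat Windows separators as separators on every platform.
    target = os.path.realpath(os.path.join(base, peer_name.replace("\\", "/")))
    if target == base or os.path.commonpath([base, target]) != base:
        raise RejectedFile(f"name escapes download directory: {peer_name!r}")
    return target

def save_received_image(base_dir, peer_name, data):
    """Write data only if the path is contained and content matches the extension."""
    target = resolve_inside(base_dir, peer_name)
    ext = os.path.splitext(target)[1].lower()
    if ext not in MAGIC:
        raise RejectedFile(f"extension not allowed: {ext!r}")
    if not data.startswith(MAGIC[ext]):
        raise RejectedFile(f"content is not a real {ext} file")
    with open(target, "wb") as fh:
        fh.write(data)
    return target

def demo():
    """Run constructed samples; return {name: True if written, False if rejected}."""
    gif = b"GIF89a" + bytes(16)           # constructed GIF header
    zip_blob = b"PK\x03\x04" + bytes(16)  # constructed ZIP local-file header
    samples = [("cat.gif", gif), ("../../Startup/cat.gif", gif),
               ("interesting_image.jpeg", zip_blob), ("script.gif", b"MZ" + bytes(16))]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, data in samples:
            try:
                save_received_image(base, name, data)
                results[name] = True
            except RejectedFile:
                results[name] = False
    return results
```

Calling `demo()` writes only the genuine GIF with a plain name; the traversal name, the ZIP disguised as a JPEG and the non-GIF content with a .gif extension are all rejected before anything touches disk.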

Zoom has promised to make improvements when it comes to patching vulnerabilities reported by external parties and the company is working on revamping its bug bounty program.

Zoom is also working on implementing end-to-end encryption to offer better security and privacy, but the feature will only be available to paying customers and schools. The company revealed that free users, who are more likely to abuse its platform, will not get end-to-end encryption, so that law enforcement can conduct investigations.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
