Saturday, September 7, 2024
HomeCVE/vulnerabilityZoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victim's...

Zoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victim’s Computer

Published on

A new remote code execution “0day” flaw with Zoom Client for Windows allows remote attackers to execute arbitrary code on Windows computer where the vulnerable version of Zoom client installed.

The vulnerability was found by a researcher who wants to keep their identity private, the vulnerability can be exploited by an attacker by making the victim open the malicious document file.

Zoom is a popular video conferencing software across the globe that are used by individuals across the globe to work from and to stay in touch with friends and family.

- Advertisement - EHA

Zoom 0day Vulnerability

The vulnerability can be exploitable only on Windows 7 and other older versions of the Windows machine. Clients running on Windows 8 or Windows 10 are not affected.

ACROS Security has reported the issue to Zoom and released a micropatch for its 0patch to prevent the exploitation until the Zoom releases an official fix.

Now micropatches are available to everyone for free who using the 0patch agent, to minimize the risk of exploitation researchers not published details on this vulnerability until Zoom releases an official fix.

Researchers also shared a video that explains the actual attack and how 0patch blocks the attack. “Exploitation requires some social engineering – which is practically always the case with user-side remote code execution vulnerabilities,” Mitja Kolsek, 0patch co-founder.

Zoom confirmed the vulnerability, “Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

New Zoom Flaw Let Attackers to Hack into the Systems of Participants via Chat Messages

Hackers Use Fake Zoom Installers to Install Backdoor and Devil Shadow Botnet on Windows Computers

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

SonicWall Access Control Vulnerability Exploited in the Wild

SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management...

Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution

A series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity...

Veeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code

Multiple critical vulnerabilities have been identified in Veeam Backup & Replication, a widely-used data...