DataSec Peripherals Pvt Ltd

Multiple Vulnerabilities in Zoom Products

Original Issue Date: December 08, 2021

Severity Rating: HIGH

Software Affected

Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4

Zoom Client for Meetings for BlackBerry (for Android and iOS) before version 5.8.1

Zoom Client for Meetings for Intune (for Android and iOS) before version 5.8.4

Zoom Client for Meetings for Chrome OS before version 5.0.1

Zoom Rooms for Conference Room (for Android, Android Bali, macOS, and Windows) before version 5.8.3

Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3

Zoom VDI Windows Meeting Client before version 5.8.4

Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112

Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x64, Dell ThinOS) before version 5.8.4.21112

Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x64, Dell ThinOS) before version 5.8.4.21112

Zoom Meeting SDK for Android before version 5.7.6.1922

Zoom Meeting SDK for iOS before version 5.7.6.1082

Zoom Meeting SDK for macOS before version 5.7.6.1340

Zoom Meeting SDK for Windows before version 5.7.6.1081

Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2

Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115

Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115

Zoom On-Premise Recording Connector before version 5.1.0.65.20211116

Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117

Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117

Zoom Hybrid Zproxy before version 1.0.1058.20211116

Zoom Hybrid MMR before version 4.6.20211116.131_x86-64

Overview

Multiple vulnerabilities have been reported in Zoom products which could allow an attacker to execute arbitrary code and gain access to arbitrary areas of the product's memory on the targeted system.

Description

These vulnerabilities exist in Zoom products due to a buffer overflow vulnerability and the exposure of the state of process memory.

Successful exploitation of these vulnerabilities could allow an attacker to crash the service or application, execute arbitrary code, and gain access to arbitrary areas of the product's memory on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://explore.zoom.us/en/trust/security/security-bulletin/
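To confirm that the updates have actually landed, installed versions can be compared against the fixed versions listed under Software Affected. The following is an added example, not part of the original advisory or any vendor tooling: it uses a subset of the thresholds from the list above, the inventory rows and host names are constructed, and it assumes that a version reported without a build number is older than the fixed build.

```python
import re

# Fixed versions copied from the "Software Affected" list above (subset).
FIXED = {
    "Zoom Client for Meetings": "5.8.4",
    "Zoom Rooms for Conference Room": "5.8.3",
    "Zoom VDI Citrix Plugins": "5.8.4.21112",
    "Zoom On-Premise Meeting Connector MMR": "4.8.12.20211115",
    "Zoom Hybrid MMR": "4.6.20211116.131_x86-64",
}

def parse_version(text):
    """Turn '5.8.4' or '4.6.20211116.131_x86-64' into a tuple of ints."""
    core = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not core:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in core.group(1).split("."))

def is_affected(product, installed):
    """True when installed is strictly below the fixed version for product."""
    fixed = parse_version(FIXED[product])
    have = parse_version(installed)
    # Pad with zeros so 5.8.4 and 5.8.4.0 compare equal; a missing build
    # number is therefore treated as older than any fixed build (assumption).
    width = max(len(fixed), len(have))
    fixed += (0,) * (width - len(fixed))
    have += (0,) * (width - len(have))
    return have < fixed

def audit(inventory):
    """Return sorted (host, product, installed, fixed) rows still needing the update."""
    findings = []
    for host, product, installed in inventory:
        if product in FIXED and is_affected(product, installed):
            findings.append((host, product, installed, FIXED[product]))
    return sorted(findings)

# Constructed inventory rows (host, product, installed version); not real data.
SAMPLE_INVENTORY = [
    ("ws-014", "Zoom Client for Meetings", "5.8.3"),
    ("ws-022", "Zoom Client for Meetings", "5.10.0"),
    ("room-3", "Zoom Rooms for Conference Room", "5.8.3"),
    ("vdi-07", "Zoom VDI Citrix Plugins", "5.8.4"),
    ("mmr-01", "Zoom Hybrid MMR", "4.6.20211116.130_x86-64"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("UPDATE NEEDED: %s %s %s < %s" % row)
```

Comparing the components as integers matters here: a plain string comparison would wrongly rank 5.10.0 below 5.8.4.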
