Zoom UNC Path injection rendering leads to malicious Remote Code Execution (RCE) from meeting download windows Watch Video
Preview(s):
Gallery
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)
Description: The Zoom Windows client is vulnerable to UNC path injection in the client's chat feature that could allow attackers to steal the Windows credentials of users who click on the link.nnWhen using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface.nnWhen sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser.nnnnScenario One (R
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)