Zoom Desktop Client for Windows and Zoom VDI Client - Improper Neutralization of Special Elements

Bulletin: ZSB-23038
CVEID: CVE-2023-39213
CVSS Severity: Critical
CVSS Score: 9.6
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description:

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to enable an escalation of privilege via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.15.2
Zoom VDI Client before version 5.15.2
Zoom VDI Client before version 5.14.12

Source:

Reported by Zoom Offensive Security Team.

Revision	Date	Description
1.0	08/08/2023	Initial Publication

Zoom Desktop Client for Windows and Zoom VDI Client - Improper Neutralization of Special Elements

Subscribe for updates