Zoom Clients - Untrusted Search Path

  • ZSB-24004
  • CVE-2024-24697
  • High
  • 7.2
  • CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

 

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.  

  • Zoom Desktop Client for Windows before version 5.17.0
  • Zoom VDI Client for Windows before version 5.17.5 (excluding 5.15.15 and 5.16.12)
  • Zoom Meeting SDK for Windows before version 5.17.0
  • Zoom Rooms Client for Windows before version 5.17.0

Reported by sim0nsecurity.

Revision Date Description
1.0 02/13/2024

Initial publication.