Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Bulletin: ZSB-24008
CVEID: CVE-2024-24691
CVSS Severity: Critical
CVSS Score: 9.6
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description:

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.16.5
Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
Zoom Rooms Client for Windows before version 5.17.0
Zoom Meeting SDK for Windows before version 5.16.5

Source:

Reported by Zoom Offensive Security.

Revision	Date	Description
1.0	02/13/2024	Initial publication.

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Subscribe for updates