Zoom Apps and SDKs - Race Condition

  • ZSB-24021
  • CVE-2024-27238
  • Medium
  • 4.4
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

 

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

  • Zoom Workplace Desktop App for Windows before version 6.0.0
  • Zoom Rooms App for Windows before version 6.0.0
  • Zoom Meeting SDK for Windows before version 6.0.0

Reported by sim0nsecurity.

Revision Date Description
1.0 07/09/2024

Initial publication.