Zoom Apps and SDKs - Race Condition

Bulletin: ZSB-24021
CVEID: CVE-2024-27238
CVSS Severity: Medium
CVSS Score: 4.4
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Description:

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop App for Windows before version 6.0.0
Zoom Rooms App for Windows before version 6.0.0
Zoom Meeting SDK for Windows before version 6.0.0

Source:

Reported by sim0nsecurity.

Revision	Date	Description
1.0	07/09/2024	Initial publication.

Zoom Apps and SDKs - Race Condition

Subscribe for updates