A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim’s computer running Microsoft Windows 7 or older.
To successfully exploit the Zoom vulnerability, all an attacker needs to do is trick a Zoom user into performing some typical action, such as opening a received document file. No security warning is triggered or shown to the user at the time of the attack.
The vulnerability was discovered by a researcher who reported it to Acros Security, which then reported the flaw to the Zoom security team earlier today. The researcher wishes to remain anonymous.
Although the flaw is present in all supported versions of the Zoom client for Windows, it is only exploitable on systems running Windows 7 and older versions of Windows due to some specific system characteristics.
“This vulnerability is only exploitable on Windows 7 and earlier Windows versions. It is likely also exploitable on Windows Server 2008 R2 and earlier though we didn’t test that,” Mitja Kolsek, 0patch co-founder, said in a blog post published Thursday.