HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2020-11443

The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can plant links (for example symbolic links or directory junctions) there that point to other directories on the machine. Because the installer runs with SYSTEM privileges and follows these links, a standard user can cause the installer to delete files that the user could not otherwise delete.
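To make the bug class concrete, here is an added example (not Zoom's installer code, which the advisory does not publish): a naive cleanup that walks a user-writable directory while following links, beside a hardened cleanup that removes link objects without descending into them and refuses to delete anything whose real path lies outside the directory. The directory layout, file names and the planted link are constructed stand-ins for %APPDATA%\Zoom and a directory the standard user cannot delete from; the example uses a POSIX-style symlink, which plays the same role a directory symlink or junction plays on Windows.

```python
"""Model of the bug class behind CVE-2020-11443: a privileged cleanup routine
that follows user-planted links out of a user-writable directory.
Hypothetical example code; the Zoom installer's own code is not on the page."""
import os
import tempfile
from pathlib import Path


def _is_link(p: Path) -> bool:
    """Symlink on any OS; on Python 3.12+ also a Windows junction (reparse point)."""
    return p.is_symlink() or (hasattr(p, "is_junction") and p.is_junction())


def _remove_link(link: Path) -> None:
    """Remove the link object itself without touching what it points to.
    Windows needs rmdir() for directory links; POSIX removes any link with unlink()."""
    if os.name == "nt" and link.is_dir():
        os.rmdir(link)
    else:
        link.unlink()


def naive_cleanup(user_dir: Path) -> list[Path]:
    """Vulnerable pattern: delete every file reachable under user_dir, FOLLOWING
    links. A directory link planted by the user redirects the deletions to the
    link's target, which the privileged caller is allowed to delete from."""
    removed = []
    for root, _dirs, files in os.walk(user_dir, followlinks=True):
        for name in files:
            victim = Path(root) / name
            victim.unlink()
            removed.append(victim)
    return removed


def safe_cleanup(user_dir: Path) -> list[Path]:
    """Hardened pattern: never descend through a link, remove link objects as
    links, and only delete regular entries whose real path is inside user_dir."""
    base = user_dir.resolve(strict=True)
    removed = []
    for root, dirs, files in os.walk(user_dir, topdown=True, followlinks=False):
        root_path = Path(root)
        # os.walk lists a linked directory in `dirs` (is_dir follows links) but,
        # with followlinks=False, never walks into it; drop it and unlink it here.
        for name in list(dirs):
            entry = root_path / name
            if _is_link(entry):
                dirs.remove(name)
                _remove_link(entry)
                removed.append(entry)
        for name in files:
            entry = root_path / name
            if _is_link(entry):
                _remove_link(entry)
                removed.append(entry)
                continue
            # Defence in depth: the resolved path must still be under base.
            if base not in entry.resolve().parents:
                continue
            entry.unlink()
            removed.append(entry)
    return removed


def build_scenario(workdir: Path) -> tuple[Path, Path]:
    """Constructed layout: `protected` stands in for a directory the standard
    user cannot delete from, `appdata_zoom` for the user-writable %APPDATA%\\Zoom."""
    protected = workdir / "protected"
    protected.mkdir()
    victim = protected / "important.dat"
    victim.write_text("must survive")
    user_dir = workdir / "appdata_zoom"
    user_dir.mkdir()
    (user_dir / "cache.db").write_text("stale client data")
    # The user-planted link inside the user-writable tree (creating symlinks on
    # Windows needs the symlink privilege or Developer Mode; a junction works too).
    os.symlink(protected, user_dir / "logs", target_is_directory=True)
    return user_dir, victim


def run(strategy) -> dict:
    """Run one cleanup strategy on a fresh scenario and report what survived."""
    with tempfile.TemporaryDirectory() as tmp:
        user_dir, victim = build_scenario(Path(tmp))
        strategy(user_dir)
        return {
            "protected_file_survived": victim.exists(),
            "link_survived": _is_link(user_dir / "logs"),
            "stale_cache_survived": (user_dir / "cache.db").exists(),
        }


if __name__ == "__main__":
    print("naive:", run(naive_cleanup))   # protected file gone, link left in place
    print("safe :", run(safe_cleanup))    # protected file intact, link removed
```

The resolve() check narrows the window but does not close the check-then-delete race on a path the user controls. The robust fix on Windows is to perform the deletion under the user's own token (impersonation), so the link target's ACL is enforced against the user rather than SYSTEM, or to open entries with FILE_FLAG_OPEN_REPARSE_POINT and delete reparse points as reparse points. The page does not say which approach Zoom's 4.6.10 fix took.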

CVSS v3.0 Severity and Metrics

Base Score: 8.4 (High Severity)
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: High
Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Zoom Security Advisory: CVE-2020-11443


Zoom implemented a fix for this issue in the Zoom IT installer for Windows version 4.6.10 published on April 7, 2020.

Zoom for Windows 4.6.10 Release Notes

April 7, 2020 version 4.6.10 (20033.0407)
Download Type: Prompted

Changes to existing features

  • Remove the meeting ID from the title bar
    The meeting ID will no longer be displayed in the title bar of the Zoom meeting window. The meeting ID can be found by clicking on the info icon at the top left of the client window or by clicking Participants, then Invite.

  • Invite button under Participants
    The button to invite others to join your Zoom meeting is now available at the bottom of the Participants panel.

  • Local file transfer in meeting chat
    The file transfer feature in meeting chat has been re-enabled. Third-party file transfers and sharing clickable links are still disabled.

  • Automatic prompt to share reports and logs if Zoom client crashes
    Users will be asked if they would like to share reports and logs with Zoom if their Zoom client crashes. This feature can be disabled by admins.

New and enhanced features

  • Security icon in host’s meeting controls
    The meeting host will now have a Security icon in their meeting controls, which combines all of Zoom’s existing in-meeting security controls into one place. This includes locking the meeting, enabling Waiting Room, and more. Users can also now enable Waiting Room in a meeting, even if the feature was turned off before the start of the meeting.

Resolved Issues

  • Fixed CVE-2020-11443, thanks to the Lockheed Martin Red Team

  • Minor bug fixes
