ASA-2018-00064 – Zoom: Unauthorized command execution

Para a versão em português deste alerta, clique aqui.

Allele Security Alert



ASA-2018-00064, CVE-2018-15715


Unauthorized command execution


Zoom Video Communications


Zoom Desktop Conferencing Application

Affected version(s)

Zoom for macOS version 4.1.33259.0925
Zoom for Windows version 4.1.33259.0925
Zoom for Linux version 2.4.129780.0915

Fixed version(s)

Windows version 4.1.34814.1119
macOS version 4.1.34801.1116

Proof of concept



There’s a vulnerability in Zoom’s Desktop Conferencing Application that allows for execution of unauthorized Zoom commands like spoofing chat messages, hijacking screen controls and kicking attendees off calls and locking them out of meetings. This vulnerability could be exploited in a few scenarios: 1) a Zoom meeting attendee could go rogue; 2) an attacker on the local access network (LAN) or 3) a remote attacker over wide area network (WAN) could theoretically use this vulnerability to hijack an ongoing Zoom meeting.

Technical details

This bug is due to the fact that Zoom’s internal messaging pump (util.dll!ssb::events_t::loop) dispatches both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages (from util.dll!ssb::select_t::loop) to the same message handler in ssb_sdk.dll. This allows an attacker to craft and send UDP packets which get interpreted as messages processed from the trusted TCP channel used by authorized Zoom servers.


David Wells (Tenable)


Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)

New Updates For Mac OS

New Updates For Windows

Remotely Hijacking Zoom Clients



If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 8, 2019