ASA-2018-00064 – Zoom: Unauthorized command execution

Allele Security Alert



ASA-2018-00064, CVE-2018-15715


Unauthorized command execution


Zoom Video Communications, Inc


Zoom Desktop Conferencing Application

Affected version(s)

Zoom for macOS version 4.1.33259.0925
Zoom for Windows version 4.1.33259.0925
Zoom for Linux version 2.4.129780.0915

Fixed version(s)

Windows version 4.1.34814.1119
macOS version 4.1.34801.1116

Proof of concept



There’s a vulnerability in Zoom’s Desktop Conferencing Application that allows for execution of unauthorized Zoom commands like spoofing chat messages, hijacking screen controls and kicking attendees off calls and locking them out of meetings. This vulnerability could be exploited in a few scenarios: 1) a Zoom meeting attendee could go rogue; 2) an attacker on the local access network (LAN) or 3) a remote attacker over wide area network (WAN) could theoretically use this vulnerability to hijack an ongoing Zoom meeting.

Technical details

This bug is due to the fact that Zoom’s internal messaging pump (util.dll!ssb::events_t::loop) dispatches both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages (from util.dll!ssb::select_t::loop) to the same message handler in ssb_sdk.dll. This allows an attacker to craft and send UDP packets which get interpreted as messages processed from the trusted TCP channel used by authorized Zoom servers.


David Wells (Tenable)


Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)

New Updates For Mac OS

New Updates For Windows

Remotely Hijacking Zoom Clients



If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 9, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.