Allele Security Alert
Denial of Service by repeatedly joining a user to an invalid call
Zoom Video Communications, Inc
Zoom Client versions before 4.4.2
Zoom Client version 4.4.2
Proof of concept
Remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost web server on port 19421.
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 10, 2019