ASA-2019-00424 – Zoom Client: Remote code execution


Allele Security Alert

ASA-2019-00424

Identifier(s)

ASA-2019-00424, CVE-2019-13567

Title

Remote code execution

Vendor(s)

Zoom Video Communications, Inc

Product(s)

Zoom Client

Affected version(s)

Zoom Client versions before 4.4.2

Fixed version(s)

Zoom Client version 4.4.2

Proof of concept

Yes

Description

The Zoom Client on macOS allows remote code execution. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can’t be opened, an attacker can remotely execute code with a maliciously crafted launch URL.

Technical details

Unknown

Credits

Unknown

Reference(s)

Zoom Zero Day Followup: Getting the RCE
https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/

Twitter
https://twitter.com/JLLeitschuh/status/1149420685405708295

Twitter
https://twitter.com/JLLeitschuh/status/1149422543658520578

Twitter
https://twitter.com/riskybusiness/status/1149125147019767814

Twitter
https://twitter.com/wcbowling/status/1149457231504498689

CVE-2019-13567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13567

CVE-2019-13567
https://nvd.nist.gov/vuln/detail/CVE-2019-13567


Last modified: July 17, 2019
