ASA-2018-00064 – Zoom: Unauthorized command execution

There's a vulnerability in Zoom's Desktop Conferencing Application that allows for execution of unauthorized Zoom commands like spoofing chat messages, hijacking screen controls and kicking attendees off calls and locking them out of meetings. This vulnerability could be exploited in a few scenarios: 1) a Zoom meeting attendee could go rogue; 2) an attacker on the local access network (LAN) or 3) a remote attacker over wide area network (WAN) could theoretically use this vulnerability to hijack an ongoing Zoom meeting.