CVE-2020-11443

Sažetak

The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user.

Reference

https://support.zoom.us/hc/en-us/articles/360043036451-Security-CVE-2020-11443
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows
https://support.zoom.us/hc/en-us/articles/360043036451

CVSS

Base:	8.5
Impact:	9.2
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:C/A:C

Zadnje važnije ažuriranje

21-07-2021 - 11:39

Objavljeno

04-05-2020 - 14:15