Two Known Vulnerabilities Zoom Used in its Code Let Attackers Hack Systems via Chat
From Hacker News:
According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.
The first security vulnerability (CVE-2020-6109) resided in the way Zoom leverages the GIPHY service, recently bought by Facebook, to let its users search and exchange animated GIFs while chatting.
Researchers find that the Zoom application did not check whether a shared GIF is loading from the Giphy service or not, allowing an attacker to embed GIFs from a third-party attacker-controlled server, which Zoom by design caches/stores on the recipients’ system in a specific folder associated with the application.
Besides that, since the application was also not sanitizing the filenames, it could have allowed attackers to achieve directory traversal, tricking the application into saving malicious files disguised as GIFs to any location on the victim’s system, for example, the startup folder.
The second remote code execution vulnerability (CVE-2020-6110) resided in the way vulnerable versions of the Zoom application process code snippets shared through the chat.
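The two checks described as missing for CVE-2020-6109, origin validation of the GIF URL and containment of the cached filename, sketched as an added example (not Zoom's code or its fix). The allowlist, the cache directory and all function names are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

# Assumptions for illustration: the allowlist and cache directory are hypothetical,
# not values taken from the Zoom client.
ALLOWED_HOSTS = {"giphy.com"}
CACHE_DIR = "/var/cache/chatapp/gifs"

def is_allowed_gif_url(url):
    """Accept only https URLs whose host is giphy.com or a subdomain of it."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def safe_cache_path(filename, cache_dir=CACHE_DIR):
    """Map a sender-supplied name to a path that stays inside cache_dir."""
    if any(c in filename for c in ("/", "\\", "\x00")) or filename in ("", ".", ".."):
        raise ValueError("filename contains path components")
    if not filename.lower().endswith(".gif"):
        raise ValueError("unexpected extension")
    base = os.path.realpath(cache_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: the resolved path must still be under the cache directory.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes cache directory")
    return target

def looks_like_gif(data):
    """Check the GIF magic bytes so other file types are not cached as GIFs."""
    return data[:6] in (b"GIF87a", b"GIF89a")

def accept_shared_gif(url, filename, data):
    """Return the cache path if all three checks pass, otherwise None."""
    if not is_allowed_gif_url(url) or not looks_like_gif(data):
        return None
    try:
        return safe_cache_path(filename)
    except ValueError:
        return None

if __name__ == "__main__":
    # Constructed sample messages: (url, filename, first bytes of the body)
    print(accept_shared_gif("https://media.giphy.com/media/abc/giphy.gif", "cat.gif", b"GIF89a"))
    print(accept_shared_gif("https://giphy.com.evil.example/a.gif", "cat.gif", b"GIF89a"))
```

The host comparison is done on the parsed hostname rather than by substring match, so look-alike hosts and `user@host` tricks do not pass.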