2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
What is the Zoom meeting client remote code execution vulnerability CVE-2020-6110? Many newcomers are not clear about it, so this article explains the vulnerability in detail for anyone who needs to understand it.
0x00 vulnerability background
On June 09, 2020, 360CERT monitoring found that the Talos security research team had issued a risk notice for remote code execution in the Zoom client. The vulnerability number is CVE-2020-6110, vulnerability level: high risk.
Zoom is a multi-person cloud video conferencing software that provides users with cloud video calling services with video conferencing and mobile web conferencing capabilities.
The Zoom client contains a directory traversal / file overwrite vulnerability, and a remote attacker can achieve remote code execution by sharing a malicious compressed file during a meeting.
In this regard, 360CERT recommends that users install the latest patch promptly and carry out asset self-examination and prevention work to avoid attacks.
0x01 risk rating
360CERT's assessment of the vulnerability is as follows:
Assessment methods:
Threat level: high risk
Impact surface: general
0x02 vulnerability details
According to Talos's analysis report, the Zoom client adopts some unsafe technical schemes when implementing the code snippet sharing function:
XMPP is used to encapsulate the message content.
Use ZIP to package and transfer the shared code
Zoom's XMPP communication feature has the following hidden dangers:
The logic is not strictly verified, allowing users to tamper with and publish malicious content to other users
Messages are transmitted in clear text
A vulnerability exists in Zoom's decompression function that allows directory traversal and overwriting of the target file. The decompression function has the following hidden dangers:
Filename construction allows directory traversal
Files ending with any extension can be decompressed
The client automatically decompresses the received package, and the contents of the package are not verified
As a result, an attacker can remotely deliver malicious files to other users and trigger file overwriting operations, resulting in remote code execution.
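A receiving client can close the decompression hidden dangers listed above by validating every archive member before anything is written to disk. The following Python code is an added example, not code from Zoom, Talos or 360CERT; the extension allowlist, the size cap and the names `safe_extract`, `make_zip` and `UnsafeArchive` are assumptions made for illustration.

```python
import io
import os
import zipfile

ALLOWED_EXT = {".txt", ".py", ".js", ".c"}  # assumed allowlist of snippet extensions
MAX_TOTAL_BYTES = 1_000_000                 # assumed cap on declared uncompressed size

class UnsafeArchive(Exception):
    """Raised when an archive member violates the extraction policy."""

def safe_extract(zip_bytes, dest_dir):
    """Validate every member first, then extract; returns the written paths."""
    root = os.path.realpath(dest_dir)
    planned, total = [], 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            # Reject absolute paths, drive letters and any ".." path component.
            if name.startswith("/") or ":" in name or ".." in name.split("/"):
                raise UnsafeArchive(f"path traversal in member name: {info.filename!r}")
            target = os.path.realpath(os.path.join(root, name))
            # Containment check: the resolved target must stay under dest_dir.
            if os.path.commonpath([root, target]) != root:
                raise UnsafeArchive(f"member escapes destination: {info.filename!r}")
            # Only extensions on the allowlist are extracted.
            if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
                raise UnsafeArchive(f"extension not allowed: {info.filename!r}")
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                raise UnsafeArchive("archive too large when uncompressed")
            planned.append((info, target))
        # Nothing is written until every member has passed validation.
        written = []
        for info, target in planned:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read(MAX_TOTAL_BYTES))
            written.append(target)
    return written

def make_zip(members):
    """Build a constructed in-memory sample archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Because validation is completed for the whole archive before the first write, one bad member rejects the entire package instead of leaving a partial extraction behind.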
0x03 affected versions
Zoom Client Application: 4.6.10
Zoom Client Application: 4.6.11
0x04 repair recommendations
Temporary patching recommendations:
Upgrade to Zoom Client Application 4.6.12
0x05 product side solution
360 Security Guard
For this security update, Windows users can install the corresponding patch through 360 Security Guard, and users on other platforms can update the affected product to the version given in the repair recommendations.