![]() ![]() Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. ![]() A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. An attacker must have code execution rights on the victim machine prior to successful exploitation. This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. NOTE: multiple third parties have reported that no privilege escalation can occur. The command runs in a child process under the 7zFM.exe process. This is caused by misconfiguration of 7z.dll and a heap overflow. Other operating systems are unaffected.* This vulnerability affects Firefox Contents area. ![]() *This bug only affects Firefox on Windows. A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |