CVE-2023-28601
In short
Zoom for Windows versions before 5.14.0 have a memory protection flaw that allows a malicious user to alter the application's protected memory, potentially causing the Zoom client to malfunction or behave unexpectedly.
Technical detail
CWE-358 improper restriction of memory buffer bounds in Zoom Windows clients prior to 5.14.0 allows local attackers with user privileges to write to protected memory regions, compromising client integrity without requiring elevated permissions or user interaction.
Summary generated and translated by AI from the official description.
Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Zoom Video Communications, Inc. · Zoom for Windows Client