CVE-2017-15048
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| zoom | zoom | {"endExcluding":"2.0.115900.1201"} | 2.0.115900.1201 |
References
- http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2017/Dec/46
- https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt
- https://www.exploit-db.com/exploits/43355/
- http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2017/Dec/46
- https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt
- https://www.exploit-db.com/exploits/43355/
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.