CVE-2017-15049
First published: Tue Dec 19 2017(Updated: )
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Zoom | <2.0.115900.1201 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15049?
CVE-2017-15049 is a vulnerability in the Zoom client for Linux that allows remote attackers to execute arbitrary code by leveraging a specific scheme handler.
What software is affected by CVE-2017-15049?
The Zoom client for Linux before version 2.0.115900.1201 is affected by CVE-2017-15049.
How severe is CVE-2017-15049?
CVE-2017-15049 has a severity rating of 8.8 (critical).
How can I fix CVE-2017-15049?
To fix CVE-2017-15049, users should update their Zoom client for Linux to version 2.0.115900.1201 or later.
Where can I find more information about CVE-2017-15049?
You can find more information about CVE-2017-15049 in the references provided: http://packetstormsecurity.com/files/145453/Zoom-Linux-Client-2.0.106600.0904-Command-Injection.html, http://seclists.org/fulldisclosure/2017/Dec/47, https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-003.txt
- collector/nvd-index
- vendor/zoom
- product/zoom
- canonical/zoom zoom