First published: Fri Apr 09 2021(Updated: )
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoom Chat | <=2021-04-09 | |
Apple iOS and macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-30480 has a high severity level due to the potential for remote code execution without user interaction.
To mitigate CVE-2021-30480, ensure you update Zoom Chat to a version released after April 9, 2021.
CVE-2021-30480 affects users of Zoom Chat up to the version released on April 9, 2021, on Windows and macOS.
CVE-2021-30480 enables remote authenticated attackers to execute arbitrary code within the affected Zoom Chat application.
No, CVE-2021-30480 does not require user interaction for exploitation, making it particularly dangerous.