The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
Source: Zoom Linux Client 2.0.106600.0904 Command Injection
The post Zoom Linux Client 2.0.106600.0904 Command Injection appeared first on MondoUnix.