CVE-2020-11443
Summary
| CVE | CVE-2020-11443 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-04 14:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user. |
Risk And Classification
Problem Types: CWE-59 | CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zoom | IT Installer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| New updates for Windows – Zoom Help Center | CONFIRM | support.zoom.us | Broken Link, Vendor Advisory |
| Security: CVE-2020-11443 – Zoom Help Center | CONFIRM | support.zoom.us | Broken Link, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 375487 Zoom Arbitrary File Deletion Vulnerability