Full title: Zoom Linux Client 2.0.106600.0904 Buffer Overflow Vulnerability
Category: dos / poc
Platform: linux

The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking whether the destination buffer is long enough to hold the data. The binary also has important security features, such as the stack canary, turned off. The client registers a scheme handler (zoommtg://), which makes it possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.

# 0day.today @ http://0day.today/
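
The bug class described above (unchecked concatenation into a fixed stack buffer) next to a length-checked form, as an added example that is not code from ZoomLauncher or from the original advisory. The buffer size, the "--url=" prefix and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 256   /* assumed size, not taken from the Zoom binary */

/* Pattern the advisory describes, shown only as a comment:
 *     char arg[ARG_MAX_LEN] = "--url=";
 *     strcat(arg, url);      // no length check: a long url overruns arg
 * Build with the canary enabled as well, e.g. cc -fstack-protector-strong. */

/* Append src to dst (capacity cap, NUL included). Returns 0 on success,
 * -1 if src does not fit; dst is never truncated or written past cap. */
static int append_checked(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL) return -1;              /* dst is not terminated */
    size_t used = (size_t)(end - dst);
    size_t need = strlen(src);
    if (need >= cap - used) return -1;       /* no room for src + NUL */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Build the (hypothetical) launcher argument for a zoommtg:// URL.
 * Other schemes and oversize input are rejected, leaving out empty. */
static int build_launch_arg(char *out, size_t cap, const char *url)
{
    static const char scheme[] = "zoommtg://";
    if (out == NULL || cap == 0 || url == NULL) return -1;
    out[0] = '\0';
    if (strncmp(url, scheme, sizeof scheme - 1) != 0) return -1;
    if (append_checked(out, cap, "--url=") != 0 ||
        append_checked(out, cap, url) != 0) {
        out[0] = '\0';                       /* do not leave partial data */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char arg[ARG_MAX_LEN];
    if (argc != 2 || build_launch_arg(arg, sizeof arg, argv[1]) != 0) {
        fputs("rejected: not a zoommtg:// URL or too long\n", stderr);
        return 1;
    }
    puts(arg);
    return 0;
}
```

Rejecting oversize input outright, rather than truncating it, keeps a handler that is reachable from a link from acting on a partially copied URL.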