Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Meeting_software_development_kit | Zoom | * | 6.2.10 (excluding) |
Rooms | Zoom | * | 6.2.10 (excluding) |
Rooms_controller | Zoom | * | 6.2.10 (excluding) |
Video_software_development_kit | Zoom | * | 6.2.10 (excluding) |
Workplace_desktop | Zoom | * | 6.2.10 (excluding) |