Are you using the Zoom app for video conferencing? Check how a successful RCE can be done even after their recent release. Zoom is still vulnerable even after the latest patch? RCE in zoom video conferencing app https://subhajitsaha.com/zoom-is-still-vulnerable-even-after-the-latest-patch-rce-in-zoom-video-conferencing-app/ …
Replying to @subhajitsaha0x
"Zoom is still vulnerable even after the latest patch?" Is this a question or a statement? The current Zoom doesn't appear to even make SMB links clickable. pic.twitter.com/thMkKjpOYH
Replying to @wdormann
Well, if you go through my post, right down I have put a reference link; it can be bypassed using base64 encoding in the latest update too.
Replying to @subhajitsaha0x
Ah, so attacking via a zoommtg:// URI? In which case the attack vector is something like a web browser, which subsequently launches Zoom to trigger the issue?
Thanks. I'll have to dig a little deeper. I couldn't get the example in that GitHub gist to do anything of interest other than just launch Zoom, which just seems to sit there after launch.