Note: As our world comes together to slow the spread of COVID-19 pandemic, the Zoom Support Center has continued to operate 24x7 globally to support you. Please see the updated Support Guidelines during these unprecedented times.



Security: CVE-2020-9767 Follow

A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.

Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

CVSS v3.0 Severity and Metrics

Base Score: 7.8/High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Note: CVSS score may differ from that published in NVD due to differences between analysts in impact assessment or other calculation components.