At Zoom, we are hard at work to provide you with the best 24x7 global support experience. As part of this ongoing commitment, please review our updated Support Guidelines.



Security: CVE-2020-9767 Follow

A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.

Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

CVSS v3.0 Severity and Metrics

Base Score: 7.8/High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Note: CVSS score may differ from that published in NVD due to differences between analysts in impact assessment or other calculation components.