A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.
Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
CVSS v3.0 Severity and Metrics
Base Score: 7.8/High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Note: CVSS score may differ from that published in NVD due to differences between analysts in impact assessment or other calculation components.