Skip to main content

Zoom CVE-2017-15048

HIGH
Buffer Overflow (CWE-119)
2017-12-19 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 19, 2017 - 15:29 cve.org
HIGH 8.8

DescriptionCVE.org

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

AnalysisAI

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. Affected products include: Zoom. Version information: before 2.0.115900.1201.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Zoom

View all
CVE-2017-15049 HIGH POC
8.8 Dec 19

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when c

CVE-2020-6109 CRITICAL POC
9.8 Jun 08

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including anima

CVE-2018-15715 CRITICAL POC
9.8 Nov 30

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0

CVE-2020-6110 HIGH POC
8.8 Jun 08

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages incl

CVE-2019-13567 HIGH POC
8.8 Jul 12

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-134

CVE-2026-1368 HIGH POC
7.5 Feb 18

Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

CVE-2019-13450 MEDIUM POC
6.5 Jul 09

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a v

CVE-2019-13449 MEDIUM POC
6.5 Jul 09

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a s

CVE-2026-22844 CRITICAL
9.9 Jan 20

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing m

CVE-2024-24691 CRITICAL
9.8 Feb 14

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Wind

CVE-2023-39213 CRITICAL
9.8 Aug 08

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may all

CVE-2023-39216 CRITICAL
9.8 Aug 08

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable a

Share

CVE-2017-15048 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy