Rewterz Threat Alert – Quasar RAT – Active IOCs
August 17, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 17, 2021Rewterz Threat Alert – Quasar RAT – Active IOCs
August 17, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 17, 2021Severity
High
Analysis Summary
CVE-2021-34407
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zoom Clients. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of encrypted messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.
Impact
- Code Execution
- Unauthorized Access
Affected Vendors
Zoom
Affected Products
- Client
Remediation
Zoom has issued an update to correct this vulnerability. More details can be found at: