Vulnerability Details CVE-2019-13567
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b
- https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS
- https://twitter.com/JLLeitschuh/status/1149420685405708295
- https://twitter.com/JLLeitschuh/status/1149422543658520578
- https://twitter.com/riskybusiness/status/1149125147019767814
- https://twitter.com/wcbowling/status/1149457231504498689
- https://twitter.com/wcbowling/status/1166998107667619841
- https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b
- https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS
- https://twitter.com/JLLeitschuh/status/1149420685405708295
- https://twitter.com/JLLeitschuh/status/1149422543658520578
- https://twitter.com/riskybusiness/status/1149125147019767814
- https://twitter.com/wcbowling/status/1149457231504498689
- https://twitter.com/wcbowling/status/1166998107667619841
Products affected by CVE-2019-13567
-
cpe:2.3:a:zoom:zoom:0.9.10894.0925
-
cpe:2.3:a:zoom:zoom:0.9.11127.0928
-
cpe:2.3:a:zoom:zoom:0.9.9997.0910
-
cpe:2.3:a:zoom:zoom:0.92.12362.1030
-
cpe:2.3:a:zoom:zoom:0.92.12606.1105
-
cpe:2.3:a:zoom:zoom:1.0.17722.0126
-
cpe:2.3:a:zoom:zoom:1.0.18176.0205
-
cpe:2.3:a:zoom:zoom:1.0.18490.0222
-
cpe:2.3:a:zoom:zoom:1.0.18584.0225
-
cpe:2.3:a:zoom:zoom:1.0.18953.0305
-
cpe:2.3:a:zoom:zoom:1.0.19784.0322
-
cpe:2.3:a:zoom:zoom:2.0.24230.0531
-
cpe:2.3:a:zoom:zoom:2.0.24278.0602
-
cpe:2.3:a:zoom:zoom:2.0.24636.0609
-
cpe:2.3:a:zoom:zoom:2.0.26498.0729
-
cpe:2.3:a:zoom:zoom:2.0.26542.0730
-
cpe:2.3:a:zoom:zoom:2.0.27327.0826
-
cpe:2.3:a:zoom:zoom:2.0.28860.0927
-
cpe:2.3:a:zoom:zoom:2.0.31403.1104
-
cpe:2.3:a:zoom:zoom:2.5.34797.1213
-
cpe:2.3:a:zoom:zoom:2.5.35132.1230
-
cpe:2.3:a:zoom:zoom:2.5.35230.0103
-
cpe:2.3:a:zoom:zoom:2.5.40060.0120
-
cpe:2.3:a:zoom:zoom:2.5.40199.0303
-
cpe:2.3:a:zoom:zoom:2.5.40309.0317
-
cpe:2.3:a:zoom:zoom:2.5.40419.0328
-
cpe:2.3:a:zoom:zoom:2.5.40542.0410
-
cpe:2.3:a:zoom:zoom:2.5.40961.0701
-
cpe:2.3:a:zoom:zoom:3.0.45579.0809
-
cpe:2.3:a:zoom:zoom:3.0.45740.0815
-
cpe:2.3:a:zoom:zoom:3.0.46193.0828
-
cpe:2.3:a:zoom:zoom:3.0.46236.0829
-
cpe:2.3:a:zoom:zoom:3.0.46609.0915
-
cpe:2.3:a:zoom:zoom:3.0.46828.0919
-
cpe:2.3:a:zoom:zoom:3.0.47212.0929
-
cpe:2.3:a:zoom:zoom:3.0.47252.0930
-
cpe:2.3:a:zoom:zoom:3.0.48197.1024
-
cpe:2.3:a:zoom:zoom:3.0.48498.1031
-
cpe:2.3:a:zoom:zoom:3.0.48882.1117
-
cpe:2.3:a:zoom:zoom:3.0.49042.1203
-
cpe:2.3:a:zoom:zoom:3.5.11039.0317
-
cpe:2.3:a:zoom:zoom:3.5.12706.0403
-
cpe:2.3:a:zoom:zoom:3.5.131222.0413
-
cpe:2.3:a:zoom:zoom:3.5.13132.0410
-
cpe:2.3:a:zoom:zoom:3.5.13678.0417
-
cpe:2.3:a:zoom:zoom:3.5.14544.0427
-
cpe:2.3:a:zoom:zoom:3.5.14934.0430
-
cpe:2.3:a:zoom:zoom:3.5.15506.0508
-
cpe:2.3:a:zoom:zoom:3.5.16903.0522
-
cpe:2.3:a:zoom:zoom:3.5.17994.0608
-
cpe:2.3:a:zoom:zoom:3.5.19689.0629
-
cpe:2.3:a:zoom:zoom:3.5.19877.0701
-
cpe:2.3:a:zoom:zoom:3.5.20913.0716
-
cpe:2.3:a:zoom:zoom:3.5.21228.0720
-
cpe:2.3:a:zoom:zoom:3.5.21488.0723
-
cpe:2.3:a:zoom:zoom:3.5.22132.0730
-
cpe:2.3:a:zoom:zoom:3.5.24604.0824
-
cpe:2.3:a:zoom:zoom:3.5.27094.0918
-
cpe:2.3:a:zoom:zoom:3.5.27255.0921
-
cpe:2.3:a:zoom:zoom:3.5.27367.0922
-
cpe:2.3:a:zoom:zoom:3.5.31087.1102
-
cpe:2.3:a:zoom:zoom:3.5.33823.1130
-
cpe:2.3:a:zoom:zoom:3.5.33842.1130
-
cpe:2.3:a:zoom:zoom:3.5.37712.0111
-
cpe:2.3:a:zoom:zoom:3.5.40286.0205
-
cpe:2.3:a:zoom:zoom:3.5.44022.0314
-
cpe:2.3:a:zoom:zoom:3.5.44420.0317
-
cpe:2.3:a:zoom:zoom:3.5.44581.0318
-
cpe:2.3:a:zoom:zoom:3.5.45146.0324
-
cpe:2.3:a:zoom:zoom:3.5.47151.0412
-
cpe:2.3:a:zoom:zoom:3.5.48445.0422
-
cpe:2.3:a:zoom:zoom:3.5.49863.0509
-
cpe:2.3:a:zoom:zoom:3.5.53922.0613
-
cpe:2.3:a:zoom:zoom:3.5.56157.0701
-
cpe:2.3:a:zoom:zoom:3.5.56609.0707
-
cpe:2.3:a:zoom:zoom:3.5.57166.0713
-
cpe:2.3:a:zoom:zoom:3.5.6289.1226
-
cpe:2.3:a:zoom:zoom:3.5.63439.0829
-
cpe:2.3:a:zoom:zoom:3.5.63970.0901
-
cpe:2.3:a:zoom:zoom:3.5.6478.1231
-
cpe:2.3:a:zoom:zoom:3.5.64836.0908
-
cpe:2.3:a:zoom:zoom:3.5.6558.0105
-
cpe:2.3:a:zoom:zoom:3.5.7165.0116
-
cpe:2.3:a:zoom:zoom:3.5.7731.0123
-
cpe:2.3:a:zoom:zoom:3.5.8412.0202
-
cpe:2.3:a:zoom:zoom:3.5.9172.0212
-
cpe:2.3:a:zoom:zoom:3.6.10826.1101
-
cpe:2.3:a:zoom:zoom:3.6.11639.1109
-
cpe:2.3:a:zoom:zoom:3.6.13977.1202
-
cpe:2.3:a:zoom:zoom:3.6.17046.1226
-
cpe:2.3:a:zoom:zoom:3.6.17818.1230
-
cpe:2.3:a:zoom:zoom:4.0.21440.0116
-
cpe:2.3:a:zoom:zoom:4.0.21664.0117
-
cpe:2.3:a:zoom:zoom:4.0.22115.0123
-
cpe:2.3:a:zoom:zoom:4.0.22259.0125
-
cpe:2.3:a:zoom:zoom:4.0.25513.0228
-
cpe:2.3:a:zoom:zoom:4.0.25926.0306
-
cpe:2.3:a:zoom:zoom:4.0.29208.0410
-
cpe:2.3:a:zoom:zoom:4.0.29390.0411
-
cpe:2.3:a:zoom:zoom:4.0.29656.0413
-
cpe:2.3:a:zoom:zoom:4.0.35295.0605
-
cpe:2.3:a:zoom:zoom:4.0.36452.0616
-
cpe:2.3:a:zoom:zoom:4.0.38982.0714
-
cpe:2.3:a:zoom:zoom:4.1.10062.1016
-
cpe:2.3:a:zoom:zoom:4.1.11049.1024
-
cpe:2.3:a:zoom:zoom:4.1.16781.1211
-
cpe:2.3:a:zoom:zoom:4.1.17379.1218
-
cpe:2.3:a:zoom:zoom:4.1.18796.0103
-
cpe:2.3:a:zoom:zoom:4.1.19666.0122
-
cpe:2.3:a:zoom:zoom:4.1.20199.0205
-
cpe:2.3:a:zoom:zoom:4.1.20446.0209
-
cpe:2.3:a:zoom:zoom:4.1.23108.0402
-
cpe:2.3:a:zoom:zoom:4.1.23501.0416
-
cpe:2.3:a:zoom:zoom:4.1.24423.0507
-
cpe:2.3:a:zoom:zoom:4.1.24919.0521
-
cpe:2.3:a:zoom:zoom:4.1.25010.0522
-
cpe:2.3:a:zoom:zoom:4.1.25233.0525
-
cpe:2.3:a:zoom:zoom:4.1.27507.0627
-
cpe:2.3:a:zoom:zoom:4.1.27695.0702
-
cpe:2.3:a:zoom:zoom:4.1.28165.0716
-
cpe:2.3:a:zoom:zoom:4.1.30477.0820
-
cpe:2.3:a:zoom:zoom:4.1.31275.0831
-
cpe:2.3:a:zoom:zoom:4.1.33259.0925
-
cpe:2.3:a:zoom:zoom:4.1.34475.1105
-
cpe:2.3:a:zoom:zoom:4.1.34801.1116
-
cpe:2.3:a:zoom:zoom:4.1.35374.1217
-
cpe:2.3:a:zoom:zoom:4.1.8826.0925
-
cpe:2.3:a:zoom:zoom:4.1.9338.0929
-
cpe:2.3:a:zoom:zoom:4.3.53325.0120
-
cpe:2.3:a:zoom:zoom:4.3.53755.0122
-
cpe:2.3:a:zoom:zoom:4.3.55307.0127
-
cpe:2.3:a:zoom:zoom:4.3.59197.0224
-
cpe:2.3:a:zoom:zoom:4.3.59242.0310
-
cpe:2.3:a:zoom:zoom:4.4.52551.0414
-
cpe:2.3:a:zoom:zoom:4.4.52586.0416
-
cpe:2.3:a:zoom:zoom:4.4.52595.0425
-
cpe:2.3:a:zoom:zoom:4.4.52600.0508
-
cpe:2.3:a:zoom:zoom:4.4.53582.0519
-
cpe:2.3:a:zoom:zoom:4.4.53590.0607
-
cpe:2.3:a:zoom:zoom:4.4.53909.0617