Vulnerability Details CVE-2020-16087
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.5%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 9.3
References
Products affected by CVE-2020-16087
-
cpe:2.3:a:vng:zalo_desktop:19.8.1.0
-
cpe:2.3:o:microsoft:windows:-