CVE number – CVE-2020-6109
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
Vendor confirmed issue patched on 2020-04-21
Zoom Client Application 4.6.10
Discovered by a member of Cisco Talos.