VYPR
Unrated severity · NVD Advisory · Published Nov 11, 2021 · Updated Sep 16, 2024

Zoom Windows installation executable signature bypass

CVE-2021-34420

Description

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Zoom installer before 5.5.4 does not properly verify the signatures of .msi, .ps1, and .bat files, allowing the signature check to be bypassed and malicious software to be installed.

Vulnerability

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the digital signatures of files with extensions .msi, .ps1, and .bat [1]. This flaw allows an attacker to bypass signature checks during the installation process.

Exploitation

An attacker would need to craft a malicious file with one of the affected extensions and cause it to be included in the installation, e.g., by hosting it on a network share or via a phishing campaign. User interaction is required to initiate the installation.

Impact

Successful exploitation could allow the attacker to install arbitrary software on the victim's system, leading to potential compromise of confidentiality, integrity, and availability.

Mitigation

Zoom released version 5.5.4 of the Zoom Client for Meetings for Windows, which fixes the vulnerability. Users should update to the latest version, as recommended in the Zoom Security Bulletin [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
