Unrated severity · NVD Advisory · Published Mar 27, 2023 · Updated Feb 19, 2025
Improper trust boundary implementation for SMB in Zoom Clients
CVE-2023-28597
Description
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker-controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
Affected products
- Range: <5.13.5
- Zoom Video Communications, Inc./Zoom (for Android, iOS, Linux, macOS, and Windows) Clients before version 5.13.5 (2 versions: unspecified + 1 more)
- (no CPE), range: unspecified
- (no CPE), range: unspecified
- Range: unspecified