CVE-2017-15049

HIGH

Zoom < 2.0.115900.1201 - Remote Code Execution via zoommtg:// Scheme Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15049. PoCs published by Conviso.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in the Zoom Linux client (version 2.0.106600.0904) via the zoommtg:// scheme handler. The PoC shows how arbitrary commands can be executed by injecting shell metacharacters into the ZoomLauncher binary.

Description

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Conviso · textdoslinux
https://www.exploit-db.com/exploits/43354

The exploit demonstrates a command injection vulnerability in the Zoom Linux client (version 2.0.106600.0904) via the zoommtg:// scheme handler. The PoC shows how arbitrary commands can be executed by injecting shell metacharacters into the ZoomLauncher binary.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Zoom client for Linux, version 2.0.106600.0904
No auth needed
Prerequisites: Victim must have the vulnerable Zoom client installed · Victim must interact with a malicious link or webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43354/
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/47

Scores

CVSS v3 8.8
EPSS 0.1705
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
zoom/zoom < 2.0.115900.1201
Published Dec 19, 2017
Tracked Since Feb 18, 2026