ET EXPLOIT Zoom Linux Client Command Injection (CVE-2017-15049)

SID: 2066200Rev: 10 views

Sourceet/open

CreatedDecember 9, 2025

UpdatedDecember 9, 2025

Classificationbad-unknown

alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT Zoom Linux Client Command Injection (CVE-2017-15049)"; flow:established,to_client; file.data; content:"zoommtg|3a 2f 2f|"; pcre:"/^[^\x22\x27]*?[\x3b\x26\x60\x7c\x24]/R"; reference:url,packetstorm.news/files/id/145453; reference:cve,2017-15049; classtype:bad-unknown; sid:2066200; rev:1; metadata:affected_product Zoom, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_12_09, cve CVE_2017_15049, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, updated_at 2025_12_09; target:dest_ip;)

References

url	packetstorm.news/files/id/145453
cve	2017-15049

Metadata

affected productZoom

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2025_12_09

cveCVE-2017-15049

deploymentSSLDecrypt

confidenceMedium

signature severityMajor

updated at2025_12_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!