### [CVE-2021-34408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34408)
![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Client%20for%20Meetings%20for%20Windows&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=All%20versions%20of%20the%20Zoom%20Client%20for%20Meetings%20for%20Windows%20before%20version%205.3.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=External%20Control%20of%20Filename%20or%20Path&color=brightgreen)

### Description

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable directory used and a non-user writable directory.

### POC

#### Reference
- https://explore.zoom.us/en/trust/security/security-bulletin/

#### Github
- https://github.com/Farrhouq/Inpt-report