The Zoom Windows client is vulnerable to UNC path injection in its chat feature, which could allow attackers to steal the Windows credentials of users who click on a posted link. When the link is clicked, Windows sends the user's login name and NTLM password hash, which can be cracked with free tools like Hashcat to reveal the password. In addition to stealing Windows credentials, UNC injection can also be used to launch programs on the local computer when a link is clicked. Zoom has released version 4.6.6253 of its client, which now prevents ALL posted links from being converted into clickable hyperlinks.
Source: https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-run-programs-via-unc-links/
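
An added example (not from the article or from Zoom's code) of the defensive check this issue calls for: a chat renderer that turns only http(s) tokens into hyperlinks and leaves UNC paths as plain text while flagging them. The function names, the allowed-scheme list and the sample host `fileserver.example` are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: this hypothetical client only linkifies web URLs.
ALLOWED_SCHEMES = {"http", "https"}

# A UNC path begins with two slashes or backslashes (in any mix) and a host
# name, e.g. \\host\share\file or //host/share.
UNC_RE = re.compile(r"^[\\/]{2}[^\\/\s]+")


def classify_token(token: str) -> str:
    """Return 'link', 'unc' or 'text' for one whitespace-delimited chat token."""
    if UNC_RE.match(token):
        return "unc"
    try:
        parts = urlsplit(token)
    except ValueError:  # malformed input such as an unterminated IPv6 literal
        return "text"
    scheme = parts.scheme.lower()
    if scheme == "file":  # file:// URLs can also resolve to a remote share
        return "unc"
    if scheme in ALLOWED_SCHEMES and parts.netloc:
        return "link"
    return "text"


def render_message(message: str):
    """Return (html, flagged). Only http(s) tokens become anchors; UNC-style
    tokens are rendered as escaped plain text and reported in `flagged`."""
    out, flagged = [], []
    for token in message.split():
        kind = classify_token(token)
        safe = html.escape(token, quote=True)
        if kind == "link":
            out.append(f'<a href="{safe}">{safe}</a>')
        else:
            out.append(safe)
            if kind == "unc":
                flagged.append(token)
    return " ".join(out), flagged


if __name__ == "__main__":
    # Constructed sample message; the host name is a placeholder.
    sample = r"notes: \\fileserver.example\share\notes.txt and https://example.com/a"
    rendered, flagged = render_message(sample)
    print(rendered)
    print("flagged:", flagged)
```
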

