DLL injection in Zoom Windows Clients
CVE-2022-28766

3.3LOW

Key Information:

Vendor: Zoom
Status: Zoom Client For Meetings For Windows (32-bit); Zoom Vdi Windows Meeting Client For Windows (32-bit); Zoom Rooms For Conference Room For Windows (32-bit)
Vendor: CVE Published:; 15 November 2022

What is CVE-2022-28766?

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Affected Version(s)

Zoom Client for Meetings for Windows (32-bit) < 5.12.6

Zoom Rooms for Conference Room for Windows (32-bit) < 5.12.6

Zoom VDI Windows Meeting Client for Windows (32-bit) < 5.12.6

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Apr 6, 2022