DLL injection in Zoom Windows Clients
CVE-2022-28766
3.3LOW
Key Information
- Vendor
- Zoom
- Status
- Zoom Client For Meetings For Windows (32-bit)
- Zoom Vdi Windows Meeting Client For Windows (32-bit)
- Zoom Rooms For Conference Room For Windows (32-bit)
- Vendor
- CVE Published:
- 15 November 2022
Summary
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
Affected Version(s)
Zoom Client for Meetings for Windows (32-bit) < 5.12.6
Zoom VDI Windows Meeting Client for Windows (32-bit) < 5.12.6
Zoom Rooms for Conference Room for Windows (32-bit) < 5.12.6
Refferences
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database