DLL injection in Zoom Windows Clients

CVE-2022-28766

3.3LOW

Key Information

Vendor: Zoom
Status: Zoom Client For Meetings For Windows (32-bit); Zoom Vdi Windows Meeting Client For Windows (32-bit); Zoom Rooms For Conference Room For Windows (32-bit)
Vendor: CVE Published:; 15 November 2022

Summary

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Affected Version(s)

Zoom Client for Meetings for Windows (32-bit) < 5.12.6

Zoom VDI Windows Meeting Client for Windows (32-bit) < 5.12.6

Zoom Rooms for Conference Room for Windows (32-bit) < 5.12.6

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.3 to: 3.3 - (LOW)
Feb 22, 2024
Vulnerability published.
Nov 15, 2022
Vulnerability Reserved.
Apr 6, 2022

Collectors

NVD DatabaseMitre Database