DLL injection in Zoom Windows Clients

CVE-2022-28766

3.3LOW

Key Information

Vendor
Zoom
Status
Zoom Client For Meetings For Windows (32-bit)
Zoom Vdi Windows Meeting Client For Windows (32-bit)
Zoom Rooms For Conference Room For Windows (32-bit)
Vendor
CVE Published:
15 November 2022

Summary

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Affected Version(s)

Zoom Client for Meetings for Windows (32-bit) < 5.12.6

Zoom VDI Windows Meeting Client for Windows (32-bit) < 5.12.6

Zoom Rooms for Conference Room for Windows (32-bit) < 5.12.6

Refferences

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.