Improper XML Parsing in Zoom Client for Meetings
- ZSB-22006
- CVE-2022-22784
- High
- 8.1
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user’s client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
- Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0
Reported by Ivan Fratric of Google Project Zero
| Revision | Date | Description |
|---|---|---|
| 1.0 | 05/17/2022 | Initial Publication |