DLL injection in Zoom Windows Clients

Bulletin: ZSB-22027
CVEID: CVE-2022-28766
CVSS Severity: High
CVSS Score: 8.1
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Description:

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Client for Meetings for Windows (32-bit) prior to 5.12.6
Zoom VDI Windows Meeting Client for Windows (32-bit) prior to 5.12.6
Zoom Rooms for Conference Room for Windows (32-bit) prior to 5.12.6

Source:

Reported by sim0nsecurity

Revision	Date	Description
1.0	11/15/2022	Initial Publication

DLL injection in Zoom Windows Clients

Subscribe for updates