DLL injection in Zoom Windows Clients

Bulletin: ZSB-22027
CVEID: CVE-2022-28766
CVSS Severity: High
CVSS Score: 8.1
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Description:

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Client for Meetings for Windows (32-bit) prior to 5.12.6
Zoom VDI Windows Meeting Client for Windows (32-bit) prior to 5.12.6
Zoom Rooms for Conference Room for Windows (32-bit) prior to 5.12.6

Source:

Reported by sim0nsecurity

Revision	Date	Description
1.0	11/15/2022	Initial Publication

Zoom Workplace

Business Services

By industry

By audience

Enterprise

For Developer

For partners

🚀 NEW My notes, your AI note taker

DLL injection in Zoom Windows Clients

DLL injection in Zoom Windows Clients

Subscribe for updates