DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients
- ZSB-22010
- CVE-2022-22788
- High
- 7.1
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim’s host.
Users can help keep themselves secure by removing older versions of the Zoom Opener installer and running the latest version of the Zoom Opener installer from the “Download Now" button on the "Launch Meeting" page. User’s can also protect themselves by downloading the latest Zoom software with all current security updates from https://zoom.us/download.
- Zoom Client for Meetings for Windows before version 5.10.3
- All Zoom Rooms for Conference Room for Windows before version 5.10.3
Reported by James Tsz Ko Yeung
| Revision | Date | Description |
|---|---|---|
| 1.0 | 06/14/2022 | Initial Publication |