History: Jun 14, 2022 - 12:00 a.m.

CVE-2022-22788 DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients

2022-06-14 00:00:00
Zoom
www.cve.org

CVSS3: 7.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 26.5%

The Zoom Opener installer is downloaded by a user from the Launch meeting page when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 is susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host.

CNA Affected

[
  {
    "product": "Zoom Client for Meetings",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.10.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "All Zoom Rooms for Conference Room for Windows",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.10.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
