History: Nov 17, 2022 - 10:36 p.m.

CVE-2022-28766 DLL injection in Zoom Windows Clients

2022-11-17 22:36:56
CWE-94
Zoom
www.cve.org
zoom
dll injection
vulnerability
windows clients

CVSS3: 3.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0
Percentile: 5.1%

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Client for Meetings for Windows (32-bit)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom VDI Windows Meeting Client for Windows (32-bit)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Rooms for Conference Room for Windows (32-bit)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
