PT-2022-15676 · Zoom · Zoom Rooms For Conference Room For Windows+1
Published
2022-06-15
·
Updated
2022-06-27
·
CVE-2022-22788
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoom Client for Meetings versions prior to 5.10.3
Zoom Rooms for Conference Room for Windows versions prior to 5.10.3
Description
The issue concerns a DLL injection attack that could allow running arbitrary code on the victim's host. This occurs when the Zoom Opener installer is downloaded from the Launch meeting page to join a meeting without the Zoom Meeting Client installed.
Recommendations
For Zoom Client for Meetings versions prior to 5.10.3, update to version 5.10.3 or later to resolve the issue.
For Zoom Rooms for Conference Room for Windows versions prior to 5.10.3, update to version 5.10.3 or later to resolve the issue.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoom Client For Meetings
Zoom Rooms For Conference Room For Windows