CVE-2022-22784

Name of the Vulnerable Software and Affected Versions Zoom Client for Meetings versions prior to 5.10.0

Description The issue is related to the incorrect parsing of XML data in XMPP messages, which can be exploited by a remote attacker to perform a spoofing attack by sending a specially crafted chat message. This can allow a malicious user to break out of the current XMPP message context and create a new message context, potentially leading to various actions being performed on the receiving user's client. The issue could be used in a more sophisticated attack to forge XMPP messages from the server.

Recommendations For versions prior to 5.10.0, update to version 5.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of XMPP messages until a patch is available. Avoid using the XML parsing functionality in the affected Zoom Client for Meetings until the issue is resolved.