PT-2022-5830 · Zoom · Zoom Rooms For Conference Room
Published: 2022-11-17 · Updated: 2022-11-22 · CVE-2022-28766
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoom Client for Meetings versions prior to 5.12.6
Zoom Rooms for Conference Room versions prior to 5.12.6
Description
The issue is caused by improper control of code generation in the Zoom service for video conferencing and is a DLL injection vulnerability. A local low-privileged user could exploit it to execute arbitrary code in the context of the Zoom client.
Recommendations
For Zoom Client for Meetings versions prior to 5.12.6, update to version 5.12.6 or later to resolve the issue.
For Zoom Rooms for Conference Room versions prior to 5.12.6, update to version 5.12.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Zoom client to minimize the risk of exploitation.
Fix
Code Injection
Uncontrolled Search Path Element
Related Identifiers
Affected Products
Zoom Client For Meetings
Zoom Rooms For Conference Room
Zoom