CVE-2022-28755

Name of the Vulnerable Software and Affected Versions Zoom Client for Meetings versions prior to 5.11.0

Description The issue is related to a URL parsing problem. If a malicious Zoom meeting URL is opened, it may direct the user to connect to an arbitrary network address, potentially leading to additional attacks, including remote code execution through launching executables from arbitrary paths. The vulnerability can be exploited by a remote attacker using a specially crafted malicious URL, allowing for the potential execution of arbitrary code.

Recommendations For versions prior to 5.11.0, update to version 5.11.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious Zoom meeting URLs until the update is applied. Restrict access to untrusted URLs to minimize the risk of exploitation.