CVE-2022-22788

Summary

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncZoom Client for Meetingsunspecified < 5.10.3affected
Zoom Video Communications IncAll Zoom Rooms for Conference Room for Windowsunspecified < 5.10.3affected

Weaknesses

  • Uncontrolled Search Path Element

ADP Enrichment

CVE Program Container

Additional References

References