CVE-2022-28766

Summary

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncZoom Client for Meetings for Windows (32-bit)unspecified < 5.12.6affected
Zoom Video Communications IncZoom VDI Windows Meeting Client for Windows (32-bit)unspecified < 5.12.6affected
Zoom Video Communications IncZoom Rooms for Conference Room for Windows (32-bit)unspecified < 5.12.6affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References