CVE-2022-22788

Description

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.

Related CPE's

a zoom meetings *****windows **

a zoom rooms *****windows **

References

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	6.900000095367432
VectorString	AV:L/AC:M/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	LOCAL
Authentication	NONE

Created by Yello

About Severity.io