Zoom Plugin Microsoft Outlook

The Zoom Client for Meetings for Windows prior to version 5.9.7

CVE-2022-22782 7.1 - High - April 28, 2022

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the users host machine.

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process

CVE-2021-34413 7.5 - High - September 27, 2021

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

TOCTTOU

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521

CVE-2021-34410 7.8 - High - September 27, 2021

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.

Incorrect Permission Assignment for Critical Resource