CVE-2022-22788 vulnerability in Zoom Products
Published on June 15, 2022
DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients
The Zoom Opener installer is downloaded by a user from the Launch meeting page when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 is susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host.
Vulnerability Analysis
CVE-2022-22788 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Affected Versions
Zoom Video Communications Inc Zoom Client for Meetings:
- Version unspecified and below 5.10.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.