CVE-2022-28766
17.11.2022, 23:15
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
| Vendor | Product | Version |
|---|---|---|
| zoom | meetings | 𝑥 < 5.12.6 |
| zoom | rooms | 𝑥 < 5.12.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-427 - Uncontrolled Search Path ElementThe product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.