CVE-2022-22788
Description
The Zoom Opener installer is downloaded by a user from the Launch meeting page when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and for Zoom Rooms for Conference Room for Windows before version 5.10.3 is susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.613
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2022-22788 is fixed in Zoom Rooms (5.15.5.3049) | Windows |
| CVE-2022-22788 is fixed in Zoom (x64) (5.10.3.4851) | Windows |
| CVE-2022-22788 is fixed in Zoom (5.10.3.4851) | Windows |
| CVE-2022-22788 is fixed in Zoom Notes Plugin (5.10.3.407) | Windows |
| CVE-2022-22788 is fixed in Zoom Outlook Plugin (5.10.3.406) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-331905 | Zoom Rooms (5.15.5.3049) |
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-332243 | Zoom (5.15.7.20303) |
| PATCH-331891 | Zoom Notes Plugin (5.15.5.925) |
| PATCH-331892 | Zoom Outlook Plugin (5.15.5.926) |